MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e0795574a6c3928d09c0528689d8c65e0913c25d60d114f6d8961f39bf738fa8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: e0795574a6c3928d09c0528689d8c65e0913c25d60d114f6d8961f39bf738fa8
SHA1 hash: c95bc9fe722d53fbeb45914f0cab4f2544be66b9
MD5 hash: f33215d52ee8875e4dba4e592418e9b2
File name: scan_payment_details.exe
Signature: GuLoader
File size: 90'112 bytes
First seen: 2020-05-22 09:59:59 UTC
Last seen: 2020-05-22 10:52:18 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 479b0cb1925349a9ee67efe4bcd9a21b
ssdeep: 768:l9abW/PZKSkNRtNy3QtGyswZWJu8zK+waf8bjjp2BdubJ7RjB8x+Jm9:PagetiptwafOp2BduNRas89
TLSH: C493391135ACECA7DF89C9B5992506DC65BFFD306E740F0B38C5762D2A336464A2630B
Reporter: @abuse_ch
Tags: exe GuLoader


Twitter: @abuse_ch
Malspam distributing GuLoader:

HELO: ns6.kdconcept.net
Sending IP: 87.98.188.66
From: PAYABLES-MOTION <s.chen@motiontp.com.tw>
Reply-To: s.chen@motiontp.com.tw
Subject: PAYMENT RETURNED DUE TO INVALID ACCOUNT
Attachment: Scan_payment_details.arj (contains "scan_payment_details.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1p7KeQxSwuIvrVtVph5lKDxulZTagGg_P

Intelligence

Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 2
# of downloads: 26
Origin country: FR
ClamAV: SecuriteInfo.com.Variant.Ursu.878098.11507.12138.UNOFFICIAL
VirusTotal: 33.33%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
Executable exe e0795574a6c3928d09c0528689d8c65e0913c25d60d114f6d8961f39bf738fa8 (this sample)

Delivery method: Distributed via e-mail attachment

Comments