MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e67ba0f0ba172e60ed0692ef289731dc9288a95d2c3ca5b6abdb14ae5ef885fd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: e67ba0f0ba172e60ed0692ef289731dc9288a95d2c3ca5b6abdb14ae5ef885fd
SHA3-384 hash: 43f0e2ef20042ca1f242422604a71bafa7c03df078c0cfec808b180e5cbf24493bf28419c8d3138225c5d38ae309627d
SHA1 hash: 0bb576bb835c6c1ed8e96b9fe34d71aad747ad30
MD5 hash: 0aa205ac87f2843f95555524f3134aa1
humanhash: cup-shade-victor-berlin
File name: Payment_copy.lzh
Signature: GuLoader
File size: 31'241 bytes
First seen: 2020-05-26 09:08:00 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:lrLMSZcme/84i2UcFztf8jWSa4Azp14vRJCap9Vg4kc:9L9w/g2ptf8jPa4Azp14vRJCS9Vg4p
TLSH: 35E2F1C12AB7ADE3C410DE3E24CA3E6572CD8A70D1416E246DB53B2B96AFD81C531742
Reporter: abuse_ch
Tags: GuLoader lzh


abuse_ch
Malspam distributing GuLoader:

HELO: whoismail.net
Sending IP: 211.115.64.88
From: 리지드코리아 <info@ridgidkorea.com>
Reply-To: =?UTF-8?B?66as7KeA65Oc7L2U66as7JWE?= <info@ridgidkorea.com>
Subject: Outstanding payment
Attachment: Payment_copy.lzh (contains "Payment_copy.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=02E98840A4C9FD6C&resid=2E98840A4C9FD6C%211183&authkey=ANV33tRMzmI5CKo

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Graftor
Status: Malicious
First seen: 2020-05-26 09:37:23 UTC
AV detection: 13 of 30 (43.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    rar e67ba0f0ba172e60ed0692ef289731dc9288a95d2c3ca5b6abdb14ae5ef885fd (this sample)
      Dropping
        GuLoader

Delivery method: Distributed via e-mail attachment

Comments