MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e761de2471fe1811d6a545231c1aa3d6b8065f0157af871808d2443c8c61dd09. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: e761de2471fe1811d6a545231c1aa3d6b8065f0157af871808d2443c8c61dd09
SHA1 hash: b1ccb23abcaf2271167b9e7534e40512d8a36723
MD5 hash: a5227202babf335d14eec4a0a497f62c
File name: REMITTANCE RECEIPT.exe
Signature: GuLoader
File size: 106'496 bytes
First seen: 2020-05-23 11:53:23 UTC
Last seen: 2020-05-23 13:13:30 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 00d34b8222b047897a9ae1926bf88940
ssdeep: 1536:yFIBXeYj2asNR/TwAymAd5i1JOWDLahZ:iIBGjr2QJOWDLaZ
TLSH: EAA327A3F4B8AA31C52598BD19B486F4661BAEBD0532CA5B70C4B74C25FB4C3363D346
Reporter: @abuse_ch
Tags: exe GuLoader


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: mta11.srv.hcvlny.cv.net
Sending IP: 167.206.4.220
From: Metty.Gomaz <Clarkroy440@yahoo.com>
Subject: Remittance Transaction
Attachment: REMITTANCE RECEIPT.ISO (contains "REMITTANCE RECEIPT.exe")

GuLoader payload URL:
https://twadatabase.com/uj/newsamcav_HgMSY69.bin

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 2
# of downloads: 26
Origin country: US
ClamAV: SecuriteInfo.com.Win32.Injector.EMBB.27305.UNOFFICIAL
VirusTotal: Virustotal results 17.81%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe e761de2471fe1811d6a545231c1aa3d6b8065f0157af871808d2443c8c61dd09 (this sample)

Delivery method: Distributed via e-mail attachment

Comments