MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ea7dfb815f4db8cbd965eda64575694098856c827634b8eb495130846e30f367. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 2



SHA256 hash: ea7dfb815f4db8cbd965eda64575694098856c827634b8eb495130846e30f367
SHA3-384 hash: 0d2163e4ec741991e5e7b8c2c4f3740a535d6d7c9f94b9f807e9e8389a673664941acd4be85ffac29b233547ede92b84
SHA1 hash: 6a8b38e23bb8764d7a2aba94fd358dcb16e1edf5
MD5 hash: 20d5eb106af9b39ce480365a80d9a27f
humanhash: mirror-video-twelve-iowa
File name: Purchase List.zip
Signature: GuLoader
File size: 29'996 bytes
First seen: 2020-05-25 13:23:17 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:hPHs4Ag90Fc+KVsEiFL1FjwMYa+4Tmk2vz7qtk/qdx6mpkB15c:hPV90hQsZbFkMYadTmk2vz72kCx6wkBo
TLSH: 94D2F1F212ED773095AAFC78D9C0287D2F0A7B988D80061748764152B363B6A446BDDA
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: megatech8.com
Sending IP: 37.49.230.164
From: Finance | Megatech <finance@megatech8.com>
Reply-To: yingzhang67@yahoo.com
Subject: Enquiry Ref #24052020
Attachment: Purchase List.zip (contains "Purchase List.exe")

GuLoader payload URL:
http://hosseinsoltani.ir/hilari_pahkc43.bin
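The indicators in the report above (a corporate-looking From with a freemail Reply-To, a known sending IP, a zip that carries an .exe, and the sample hash) are exactly what a mail-gateway or SOC triage script checks. The Python below is an added example, not part of the MalwareBazaar entry or any abuse.ch tooling: it builds a constructed message that mirrors the reported headers, with a dummy zip holding a stub "Purchase List.exe" (so its hash will not match the real sample), then runs IOC matching and structural checks over it. The IOC values are copied from this page; the Received line, the receiving host mx.example.net, and the function names are assumptions.

```python
import email
import email.utils
import hashlib
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Indicators copied from the MalwareBazaar entry and abuse_ch's report above.
IOC_SHA256 = {"ea7dfb815f4db8cbd965eda64575694098856c827634b8eb495130846e30f367"}
IOC_MD5 = {"20d5eb106af9b39ce480365a80d9a27f"}
IOC_SENDING_IPS = {"37.49.230.164"}
IOC_REPLY_TO = {"yingzhang67@yahoo.com"}
IOC_PAYLOAD_URLS = {"http://hosseinsoltani.ir/hilari_pahkc43.bin"}

# Extensions that should never arrive inside a "purchase list" archive (assumed list).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js")

# Bracketed IPv4 literal as written into a Received: hop by most MTAs.
RECEIVED_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def build_sample_eml() -> bytes:
    """Constructed test message mirroring the headers abuse_ch reported.

    The zip holds a stub 'Purchase List.exe' (MZ magic plus padding), so its
    hash is NOT the real sample's; the Received hop and mx host are assumed.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Purchase List.exe", b"MZ" + b"\x00" * 62)
    msg = EmailMessage()
    msg["Received"] = ("from megatech8.com (megatech8.com [37.49.230.164]) "
                       "by mx.example.net with ESMTP; Mon, 25 May 2020 13:20:00 +0000")
    msg["From"] = "Finance | Megatech <finance@megatech8.com>"
    msg["Reply-To"] = "yingzhang67@yahoo.com"
    msg["Subject"] = "Enquiry Ref #24052020"
    msg.set_content("Please see the attached purchase list and quote accordingly.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Purchase List.zip")
    return msg.as_bytes()


def triage(raw: bytes) -> list:
    """Return human-readable findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    from_addr = email.utils.parseaddr(str(msg.get("From", "")))[1].lower()
    reply_to = email.utils.parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    from_domain = from_addr.rpartition("@")[2]
    reply_domain = reply_to.rpartition("@")[2]
    # Lure pattern from the report: corporate From, freemail Reply-To.
    if reply_to and reply_domain != from_domain:
        findings.append(f"reply-to domain mismatch: {from_addr} -> {reply_to}")
    if reply_to in IOC_REPLY_TO:
        findings.append(f"reply-to {reply_to} matches known IOC")

    # Walk every Received: hop; a real gateway would trust only the hop it wrote itself.
    for hop in msg.get_all("Received", []):
        for ip in RECEIVED_IP_RE.findall(str(hop)):
            if ip in IOC_SENDING_IPS:
                findings.append(f"relay IP {ip} matches known IOC")

    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    for url in IOC_PAYLOAD_URLS:
        if url in text:
            findings.append(f"body references known payload URL {url}")

    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or "<unnamed>"
        if (hashlib.sha256(data).hexdigest() in IOC_SHA256
                or hashlib.md5(data).hexdigest() in IOC_MD5):
            findings.append(f"attachment {name} hash matches known sample")
        # Trust the magic bytes, not the declared filename or MIME type.
        if data.startswith(b"PK"):
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for info in zf.infolist():
                        if info.filename.lower().endswith(EXECUTABLE_EXTS):
                            findings.append(
                                f"archive {name} contains executable {info.filename}")
            except zipfile.BadZipFile:
                findings.append(f"attachment {name} has zip magic but is not a valid zip")
    return findings


if __name__ == "__main__":
    for line in triage(build_sample_eml()):
        print(line)
```

Running the script against the constructed message reports the Reply-To mismatch, the Reply-To IOC, the relay IP IOC and the executable inside the archive; the hash check stays silent because the dummy zip is not the real sample, but it would fire on the file listed in this entry. Archive inspection keys on the PK magic rather than the .zip name so a renamed archive is still opened, and nested or password-protected archives are deliberately not handled here.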

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-25 06:31:26 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 21 of 31 (67.74%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    zip ea7dfb815f4db8cbd965eda64575694098856c827634b8eb495130846e30f367 (this sample)

Dropping
  GuLoader

Delivery method
  Distributed via e-mail attachment

Comments