MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ed31299f22412d76e2e7b17a412a8d13111f0ece285ea69e691b0dcd4dbd8fc8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	ed31299f22412d76e2e7b17a412a8d13111f0ece285ea69e691b0dcd4dbd8fc8
SHA3-384 hash:	833de388862980a7a6ca718f486d28f274c4f4274020718597c127a9326b7d23a1e50d03638f1b567f1072281bc119d3
SHA1 hash:	2fd972ebe29159b7141aa8a4e8554cf86bc95ed6
MD5 hash:	a214601630cc82adc8b930d10a68d03d
humanhash:	gee-eight-magnesium-angel
File name:	Lists of our Order...zip
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	31'763 bytes
First seen:	2020-06-10 06:48:08 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	768:Lgk6f261XB0WxYzJSKhDDRVngV2B11RMtAAXyvgmwtIG:Lq26oTsKtdGV2DvMh2gmW
TLSH	7CE2F28D28CE7B864850B9DDC542BF86B8CCC1693B53A50BD3101ED3FD25739F6A0969
Reporter	abuse_ch
Tags:	GuLoader zip

abuse_ch

Malspam distributing GuLoader:

HELO: newalias.mindviking.com
Sending IP: 38.68.36.251
From: Mr. J. C. Lin <info@disturbinggreece.com>
Subject: R: Due regarding our Order..
Attachment: Lists of our Order...zip (contains "Proforma.exe")

GuLoader payload URL:
http://jtcmachinery.com/batch/spam@ashok_kEoWkr235.bin