MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ef1629492b1792ed9029b15f592b2a7918baa5bb9cf2cb47c8c6cb340e8173ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 2

SHA256 hash: ef1629492b1792ed9029b15f592b2a7918baa5bb9cf2cb47c8c6cb340e8173ab
SHA3-384 hash: 5f887bdc690ed87e5fac0b9b4fd2a8bee224b43695177506765b051a32e4a08a5ee15c005721aff2544f0739a09159b2
SHA1 hash: 13b4588e7012741e428c5d8588471d1fb3b753b9
MD5 hash: 6377ec7d17bb21e6154e0edc35793be3
humanhash: ten-lamp-hot-oranges
File name: Qutation.lzh
Signature: GuLoader
File size: 52'677 bytes
First seen: 2020-05-28 18:05:23 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 1536:qkJreJQzREIDjdbM1mSyOx3pXo+nnHwMf3Rg8H:dpzR1i1mSyOx3p7nHnqK
TLSH: 9C330201098A74BA5C0157482C79AE90F54F5E41B3B3821F9578E84A19AEF6D9F8DB33
Reporter: abuse_ch
Tags: GuLoader, lzh


abuse_ch
Malspam distributing GuLoader:

HELO: mail.ucholder.com
Sending IP: 66.23.225.118
From: Corporate Compliance <admin@ucholder.com>
Subject: Inquire
Attachment: Qutation.lzh (contains "Qutation.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=809F316B561D99CA&resid=809F316B561D99CA%21164&authkey=APFBhYl0WwthgIA

Intelligence

File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-28 18:37:02 UTC
File type: Binary (Archive)
Extracted files: 7
AV detection: 15 of 48 (31.25%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: GuLoader
File: rar ef1629492b1792ed9029b15f592b2a7918baa5bb9cf2cb47c8c6cb340e8173ab (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments