MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ef3efe9aa7e18636193b8ed2a286ccafb6252ee5a22b20b45d765055d89b2f86. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	ef3efe9aa7e18636193b8ed2a286ccafb6252ee5a22b20b45d765055d89b2f86
SHA3-384 hash:	2ea813e3a56c4ce4bd3b8ce5e5daa34eadf013b2f19ecb1d4fa9dd9b2f133c2c0108c5e3cd693be621fe3f7891acfb8c
SHA1 hash:	dcbb0a5bc221aebe6a436531dd317feb32480278
MD5 hash:	5bea062f961115c055dae930bd58c961
humanhash:	fifteen-echo-finch-shade
File name:	new order doc.zip
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	44'852 bytes
First seen:	2020-06-02 11:16:20 UTC
Last seen:	2020-06-02 12:42:01 UTC
File type:	zip
MIME type:	application/zip
ssdeep	768:u/UjIILYU2Re3YSRkqKPeYgtWY2ouKaIKRU6Z4eW4HoLwbjNsUj7+DEGNLmsLB:u/UjIIgh0PNYxY2ouKaIS9Mcokbtj7+1
TLSH	D313F15F543A2E77B3DF6E1E74B6622AAD6E035F132582640A98517CBD4EF033281932
Reporter	abuse_ch
Tags:	GuLoader zip

abuse_ch

Malspam distributing GuLoader:

HELO: lah-a2.de
Sending IP: 84.19.187.99
From: thomasvollbracht@thvollbracht.de
Subject: Re: New order 0636
Attachment: new order doc.zip (contains "new order doc.exe")

GuLoader payload URL:
http://156.96.118.179/AWELE-RAW_GTWfCx233.bin