MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f0dcbff3060fe2ad7c18acc46eb21e97eeb16b2f6c0bab484511f35695e5cc54. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: f0dcbff3060fe2ad7c18acc46eb21e97eeb16b2f6c0bab484511f35695e5cc54
SHA3-384 hash: 7cfb9d53e0b28fa200c9ab8c3f7bf2fc29c08b557bb21c3b33970b5906bc2af06715ed83b43eb2b1b399f7fe3ddad102
SHA1 hash: 37c98d2086973f402c3669e3deaa11a711f74584
MD5 hash: 1d0f4f03b50957be4853deb4803fc286
humanhash: chicken-happy-november-bluebird
File name: ENQUIRY-21703.PDF.arj
Signature: GuLoader
File size: 22'023 bytes
First seen: 2020-05-12 16:08:03 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 384:a02x+lkAysrCXg9Osh5mwwuHCMQ3G19FHTinyZXM8eRNvKWTXrJEUy7AeM:2x+lkmEsh5m/QCWFHTiny+DNhTHysV
TLSH: ACA2D0E278D6B0E2903662F7BC6F688D767B9E047F18565549A0634D467242FE8C3E20
Reporter: abuse_ch
Tags: arj GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: linux977.grserver.gr
Sending IP: 185.138.42.16
From: Gianluca Cardarelli <janet.awoseyin@nsiainsurance.com>
Subject: PO_NO.ENQUIRY-21703
Attachment: ENQUIRY-21703.PDF.arj (contains "ENQUIRY-21703.PDF.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-12 09:14:48 UTC
AV detection: 13 of 31 (41.94%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

arj f0dcbff3060fe2ad7c18acc46eb21e97eeb16b2f6c0bab484511f35695e5cc54

(this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
