MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f29a62a1dd9f7e6cd9dfa92e697adbf83c8395c0b16b8ececc5d281944ffd4ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: f29a62a1dd9f7e6cd9dfa92e697adbf83c8395c0b16b8ececc5d281944ffd4ec
SHA3-384 hash: a8720de4b5f40f01934efe56c9ebfaac35c18c5a8431a90eac3b59002494c7fc5e70f1000c1c6aa84bc272574f4822d6
SHA1 hash: e2eb185d6eeeb7186aea848066faaf6872a8ca02
MD5 hash: 062e4de446bef26b3c7af890d3a34ccb
humanhash: xray-pluto-kentucky-cat
File name: PO 5008345.gz
Signature: GuLoader
File size: 31'268 bytes
First seen: 2020-06-10 06:48:33 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:fKE+OPmL36834lyUEuuMcG0RfL79O/Yd/1FecJFW93rN:fK2PmrVK2Fn4/aFeOWJx
TLSH: FAE2F2FFF84C35D72E63BA2962C58F50A1839D94D2325410A67B21FCDB194D8B0D463E
Reporter: abuse_ch
Tags: GuLoader gz


abuse_ch
Malspam distributing GuLoader:

HELO: mendenhall.ml
Sending IP: 103.125.191.107
From: Matt Faulkner <matt.faulkner@visserprecision.com>
Subject: PO 5008345 Vit1B Order
Attachment: PO 5008345.gz (contains "SITU9145.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1yVGUzKy1Mw4SIGXaDwFDnTpdxRp7Exr4

Intelligence
File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-10 06:50:11 UTC
AV detection: 24 of 31 (77.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
zip f29a62a1dd9f7e6cd9dfa92e697adbf83c8395c0b16b8ececc5d281944ffd4ec (this sample)

Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments