MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f36275fc0b68cd3d6afc42cc9504d5275d002d6f45a786f1e3e1d459612d8ee4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: f36275fc0b68cd3d6afc42cc9504d5275d002d6f45a786f1e3e1d459612d8ee4
SHA3-384 hash: 3e6d5b32f31cf4dbdbbf53fb5c7a68ead1953e8c1ee62bdfe7d39392886a276a1024d7a951151a07048b2da1fb6c44b0
SHA1 hash: 3917a3bce372821032a7e052db0569c6b659c5c8
MD5 hash: 3255f1fe9036117a805fafd70d0dd0b2
humanhash: minnesota-lithium-mike-oven
File name: ALGOMA STEEL PROJECT.zip
Signature: GuLoader
File size: 76'990 bytes
First seen: 2020-06-03 17:25:49 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 1536:w++mfItXDvAq5q9ybVUte2X5yslkC+Avc0nWma/L9zRv:rMXDvbe1/lkCVljazF5
TLSH: D77312B2FAC2A7D2AE65772031A5394395DA3A9DAF35C1134648D9E80D5DBC01FCF382
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: server.huttprimax.partners
Sending IP: 162.241.215.47
From: pfinley@algoma.com
Reply-To: altan.tenagatiub@email.com
Subject: Algoma Steel //Urgent Inquiry //
Attachment: ALGOMA STEEL PROJECT.zip (contains "ALGOMA STEEL PROJECT.exe")

GuLoader payload URL:
http://jumapatagonia.com.ar/whitemaster/bin_JjNNLtz194.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-06-03 17:36:05 UTC
AV detection: 26 of 48 (54.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader: zip f36275fc0b68cd3d6afc42cc9504d5275d002d6f45a786f1e3e1d459612d8ee4 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments