MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f3ec09d1d2d477890b0ca2d1e57b8a8581e7a8b1245907f983290f8acb8307c0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f3ec09d1d2d477890b0ca2d1e57b8a8581e7a8b1245907f983290f8acb8307c0
SHA3-384 hash: 40bc06b6b9e637fdcc7000953d6c1e87c43b8ff0c7f2dfa11b0a6c2c7a7ee62591f9a964dae4df99c2a409901f8437f3
SHA1 hash: d232258affa6c3a5b87d33855807938431bd4b40
MD5 hash: 0655316afee59759b6632d08cad86bbd
humanhash: enemy-uncle-yankee-nuts
File name:MV RUKIA V.zip
Download: download sample
Signature GuLoader
Create hunting rule
File size:76'501 bytes
First seen:2020-06-04 06:03:53 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 1536:RgyQQQjqpz1zMGGFsrkZcYLkMsYWGm8JmwbmeQOozl:RgyQQQjepPzIhWGmwbmUoR
TLSH C17302F572728D6D748249E96C17297AC1C261500DB3A426FA9367B3DE7E0BDD8F20C8
Reporter abuse_ch
Tags:GuLoader zip


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: whm.mastertindo.com
Sending IP: 103.103.192.221
From: Gwee Yee Er <yeeer.gwee@sg.wilmar-intl.com>
Subject: MV RUKIA V - DISPORT AGENCY NOMINATION
Attachment: MV RUKIA V.zip (contains "MV RUKIA V.exe")

GuLoader payload URL:
https://dealco.ga/mana.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 03:24:55 UTC
AV detection:
9 of 48 (18.75%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6pwatuos2r3yscymuli6k64kqwa6pkfrermqp6mdfehyvs4da7aa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip f3ec09d1d2d477890b0ca2d1e57b8a8581e7a8b1245907f983290f8acb8307c0

(this sample)

GuLoader

Executable exe 045a0ca823585d73272d70c8b35e6a91c0fcbe5221a088f48db5e613a67be2a5

  
URLhaus
https://urlhaus.abuse.ch/url/378986/
  
Dropping
MD5 3c3fde5c5c26ca0cb8705fc80a5dbf39
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 045a0ca823585d73272d70c8b35e6a91c0fcbe5221a088f48db5e613a67be2a5

Comments