MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4ee2613fab4474893d92727c56fa80c60ba1d632246f22e001f2659f408158f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: f4ee2613fab4474893d92727c56fa80c60ba1d632246f22e001f2659f408158f
SHA1 hash: 06869ae7d9a34f2374c0c6d1d9ca348bb68043e8
MD5 hash: 8f0775e859711a1ab0645db33a8b31c2
File name: INVOICE BANK DETAILS.zip
Signature: GuLoader
File size: 26'969 bytes
First seen: 2020-05-22 10:18:54 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:bERtDe/gx1aJLTQ+sv7hBpw9Dcupx38vcBg3+Q4d:Gde/C1+LTQ+sF09T38v7Ed
TLSH: 59C2F1034912B74222570978987BDC837F8C03217A0588FF5A588EDF239AE55699BDA3
Reporter: @abuse_ch
Tags: GuLoader, zip


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: h3.datagix.com
Sending IP: 82.196.25.97
From: Richard <hanifah.jamri@apis-resources.com>
Subject: INVOICE AND BANK DETAILS
Attachment: INVOICE BANK DETAILS.zip (contains "INVOICE BANK DETAILS.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1qnmY7JT85Lc06ddeKE0mMQCAniY1yL54

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 22
Origin country: FR
ClamAV: PUA.Win.Packer.ProtectSharewar-2, PUA.Win.Packer.ProtectSharewar-3
VirusTotal: VirusTotal results 18.75%
ReversingLabs: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip f4ee2613fab4474893d92727c56fa80c60ba1d632246f22e001f2659f408158f (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments