MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f57c1ed45089932ceb68dea824ddbd0c4f9f892f661038fc58e5892aef701a97. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: f57c1ed45089932ceb68dea824ddbd0c4f9f892f661038fc58e5892aef701a97
SHA3-384 hash: 1c3c749b15931da46a03bddd48e3a6bfe02524923968c90886e01f1e35b527aaca1860e5a9e15ca375127ed36eac7cc4
SHA1 hash: 452d6bb041d0b4cb6106f1b9606eb0f90bd0bdef
MD5 hash: 54df8b995184afc290183f31a9d70d3b
humanhash: charlie-rugby-shade-aspen
File name: QPO53804R.RAR
Signature: GuLoader
File size: 35'623 bytes
First seen: 2020-05-27 18:25:56 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:931NJ0ziSjREggNuZ3q6fZGB4HwCTLdNmDyyIzzGE8:93auS9r3ZfZPwC/rmDzh
TLSH: 96F2F14B597B68B36C7042FB7096219E61060693D0F878426E6DA84F25FB48C796C4DF
Reporter: abuse_ch
Tags: GuLoader rar


abuse_ch
Malspam distributing GuLoader:

From: "EXPORT22" <baliresin@ivyatlasltd.com>
Subject: Purchase Orders No. L 2957/2020 & QPO53804R 3006/2020
Attachment: QPO53804R.RAR (contains "ORIJIN.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1mC2us57K54ntwNaFqQa_XUZ5-jWYwNFe

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 71
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-27 18:37:50 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 15 of 48 (31.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as its delivery method and external references.

Malspam
GuLoader
rar f57c1ed45089932ceb68dea824ddbd0c4f9f892f661038fc58e5892aef701a97 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments