MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f8b65210c84ce89d6da36df0281201b6f6884af458376c4ee19c1668c1fd83a7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 2

SHA256 hash: f8b65210c84ce89d6da36df0281201b6f6884af458376c4ee19c1668c1fd83a7
SHA3-384 hash: 6d3dbc0da0b88a6f8582c8382a6c1788010f76a244de28e123005428dd179d81cb2403cb1ca41faa79a04a25d4761bf6
SHA1 hash: e0cf9ba366b5e2ea4d672286b1f45905047b9fb8
MD5 hash: f80f263db7dcdafeee6f3363494e22ea
humanhash: yellow-thirteen-mississippi-bulldog
File name: INQURIY_QUOTE_20200521001.XLS.r00
Signature: GuLoader
File size: 25'840 bytes
First seen: 2020-05-21 10:32:31 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 768:FP1Sl6uv2wcA7NGRXnj6prEx+RpnklVDkh:FP1Sl6twF7N6X8rEx+jkz8
TLSH: 7FC2E1086F3631DCC33B4FE38217152BE69750E521E4B394D224A7CA5CA3D2D4E82D9E
Reporter: abuse_ch
Tags: GuLoader, r00


abuse_ch
Malspam distributing GuLoader:

HELO: timtex.com.cn
Sending IP: 193.29.187.182
From: Nicki Zhao <yanok@timtex.com.cn>
Subject: inquiry_quote_003246
Attachment: INQURIY_QUOTE_20200521001.XLS.r00 (contains "INQURIY_QUOTE_20200521001.XLS.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1mKijwcuY0LRdWG9dG2CsvPeJmeIcz5_7
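The report above describes the classic double-extension trick: a ".XLS.r00" attachment (MIME type application/x-rar) whose only member is "INQURIY_QUOTE_20200521001.XLS.exe". The script below is an added example, not code from MalwareBazaar or from the reporter, showing how to triage such an attachment statically: it walks the block headers of a RAR 4.x archive to list member names and sizes without extracting anything, then flags names that hide an executable extension behind a document one. It assumes the archive is RAR 4.x (the page does not state the version; RAR5 uses a different layout and is rejected). The archive bytes it inspects are constructed inline, with zeroed header CRCs and a stub "MZ" payload, to stand in for the real attachment; the hashes on this page will not match them.

```python
"""Static triage of a RAR-archived e-mail attachment without extracting it.

Added example (not MalwareBazaar's or the reporter's code). Parses RAR 4.x
block headers, lists members, and flags decoy double extensions such as
"X.XLS.exe". Header CRCs are deliberately not verified so the parser also
copes with damaged or truncated attachments.
"""
import struct

RAR4_MARKER = b"Rar!\x1a\x07\x00"
RAR5_MARKER = b"Rar!\x1a\x07\x01\x00"

HEAD_MAIN, HEAD_FILE, HEAD_END = 0x73, 0x74, 0x7B
FLAG_LARGE = 0x100        # 64-bit sizes: HIGH_PACK_SIZE/HIGH_UNP_SIZE present
FLAG_UNICODE = 0x200      # name field = OEM name, NUL, encoded Unicode name
FLAG_LONG_BLOCK = 0x8000  # generic block carries an ADD_SIZE data field

EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse", "vbs", "wsf", "hta", "lnk"}
DECOY_EXTS = {"xls", "xlsx", "doc", "docx", "pdf", "jpg", "png", "txt", "csv", "zip"}


def list_rar4_members(data: bytes) -> list[dict]:
    """Return one dict per file header: name, sizes, stored flag, truncation flag."""
    if data.startswith(RAR5_MARKER):
        raise ValueError("RAR5 archive: header layout differs, not handled here")
    if not data.startswith(RAR4_MARKER):
        raise ValueError("no RAR 4.x marker block")
    members, pos = [], len(RAR4_MARKER)
    while pos + 7 <= len(data):
        _crc, htype, hflags, hsize = struct.unpack_from("<HBHH", data, pos)
        if hsize < 7:
            raise ValueError(f"corrupt header size {hsize} at offset {pos}")
        if htype == HEAD_END:
            break
        data_size = 0
        if htype == HEAD_FILE:
            if pos + 32 > len(data):
                break  # fixed part of the file header is cut off
            # PACK_SIZE UNP_SIZE HOST_OS FILE_CRC FTIME UNP_VER METHOD NAME_SIZE ATTR
            (pack, unp, _os, _fcrc, _ftime, _ver, method,
             name_len, _attr) = struct.unpack_from("<IIBIIBBHI", data, pos + 7)
            name_off = pos + 32
            if hflags & FLAG_LARGE:
                hi_pack, hi_unp = struct.unpack_from("<II", data, name_off)
                pack |= hi_pack << 32
                unp |= hi_unp << 32
                name_off += 8
            raw = data[name_off:name_off + name_len]
            if hflags & FLAG_UNICODE:
                raw = raw.split(b"\0", 1)[0]  # keep the plain OEM-charset form
            members.append({
                "name": raw.decode("cp437"),
                "packed": pack,
                "unpacked": unp,
                "stored": method == 0x30,  # 0x30 = no compression
                "truncated": pos + hsize + pack > len(data),
            })
            data_size = pack
        elif hflags & FLAG_LONG_BLOCK and pos + 11 <= len(data):
            (data_size,) = struct.unpack_from("<I", data, pos + 7)
        pos += hsize + data_size
    return members


def name_risk(name: str) -> list[str]:
    """Reasons a member name looks like a disguised executable; empty list = none found."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.lower().split(".")
    reasons = []
    if len(parts) >= 2 and parts[-1] in EXEC_EXTS:
        reasons.append(f"executable extension .{parts[-1]}")
        if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
            reasons.append(f"document extension .{parts[-2]} used as decoy before it")
    if "  " in base:
        reasons.append("padding whitespace in name")
    return reasons


def triage(data: bytes) -> dict[str, list[str]]:
    """Map each suspicious member name to its reasons; clean members are omitted."""
    out = {}
    for m in list_rar4_members(data):
        reasons = name_risk(m["name"])
        if m["truncated"]:
            reasons.append("archive data truncated after this header")
        if reasons:
            out[m["name"]] = reasons
    return out


def build_rar4(entries: list[tuple[bytes, bytes]]) -> bytes:
    """Constructed sample: stored RAR 4.x archive with zeroed header CRCs (test input only)."""
    out = RAR4_MARKER + struct.pack("<HBHH", 0, HEAD_MAIN, 0, 13) + b"\0" * 6
    for name, payload in entries:
        out += struct.pack("<HBHH", 0, HEAD_FILE, FLAG_LONG_BLOCK, 32 + len(name))
        out += struct.pack("<IIBIIBBHI", len(payload), len(payload), 2, 0, 0, 29, 0x30, len(name), 0x20)
        out += name + payload
    return out + struct.pack("<HBHH", 0, HEAD_END, 0x4000, 7)


# Constructed stand-in for the reported attachment: the member name is the one from
# the report, the "MZ" stub payload and the second benign member are invented here.
SAMPLE = build_rar4([
    (b"INQURIY_QUOTE_20200521001.XLS.exe", b"MZ" + b"\0" * 30),
    (b"quote.xlsx", b"PK\x03\x04"),
])

if __name__ == "__main__":
    for m in list_rar4_members(SAMPLE):
        print(f"{m['name']:40} packed={m['packed']} unpacked={m['unpacked']} stored={m['stored']}")
    for name, reasons in triage(SAMPLE).items():
        print("FLAG", name, "->", "; ".join(reasons))
```

Listing the member names is usually enough to decide whether the attachment needs sandboxing: a lone executable with a document extension in front of it, delivered in a renamed archive volume, is the pattern this entry documents. Cutting the sample short (e.g. `SAMPLE[:-9]`) shows the truncation flag, which matters for mail-gateway captures that stop at a size limit.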

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-05-21 10:37:23 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 19 of 48 (39.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The entries below show additional information about this malware sample, such as its delivery method and how it relates to other entries.

Malspam
  GuLoader
    r00  f8b65210c84ce89d6da36df0281201b6f6884af458376c4ee19c1668c1fd83a7 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment
