MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa1c946415d491964bdb3e0b3ecb5288c9673a665c0fe3cff0a7862ce557001b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2



SHA256 hash: fa1c946415d491964bdb3e0b3ecb5288c9673a665c0fe3cff0a7862ce557001b
SHA3-384 hash: 6e75ada70359f502dc5fe7fb53eeb40da298de4d75fa893811ddf6231967a411127376d8069dc6cf746b23585479527a
SHA1 hash: 275231ccac0d33e92704d8ed844980cb66731dc9
MD5 hash: 22996f39e2677855c71e670d38da8c98
humanhash: spaghetti-mike-mississippi-glucose
File name: Rechnung1.zip
Signature: GuLoader
File size: 27'631 bytes
First seen: 2020-05-22 10:13:04 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:JiCo3DGzMXZHQVl56fuGTD89G0TIOJS2lZAHtGH:Uf3KzMXZHqGWGTD89G9OJSswwH
TLSH: 75C2E13E8EEB66008EED68645CFAF1ACA9EC05FBC9D60CA8075C001375D9C09D6B46C7
Reporter: abuse_ch
Tags: DEU geo GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: mout.kundenserver.de
Sending IP: 212.227.17.13
From: info@zahnarztpraxis-dortmund.com
Subject: AW: AW: Zahlungsbeleg und Auftragsbestätigung 21-05-20 Rechnung_20-613129926-001
Attachment: Rechnung1.zip (contains "CICERO.exe")

GuLoader payload URL:
http://156.96.118.179/RSol.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-22 10:37:23 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 21 of 48 (43.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
zip fa1c946415d491964bdb3e0b3ecb5288c9673a665c0fe3cff0a7862ce557001b (this sample)
Dropping GuLoader
Delivery method: Distributed via e-mail attachment

Comments