MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa1c946415d491964bdb3e0b3ecb5288c9673a665c0fe3cff0a7862ce557001b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: fa1c946415d491964bdb3e0b3ecb5288c9673a665c0fe3cff0a7862ce557001b
SHA1 hash: 275231ccac0d33e92704d8ed844980cb66731dc9
MD5 hash: 22996f39e2677855c71e670d38da8c98
File name: Rechnung1.zip ("Rechnung" is German for "invoice")
Signature: GuLoader
File size: 27,631 bytes
First seen: 2020-05-22 10:13:04 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:JiCo3DGzMXZHQVl56fuGTD89G0TIOJS2lZAHtGH:Uf3KzMXZHqGWGTD89G9OJSswwH
TLSH: 75C2E13E8EEB66008EED68645CFAF1ACA9EC05FBC9D60CA8075C001375D9C09D6B46C7
Reporter: @abuse_ch
Tags: DEU, geo, GuLoader, zip


Twitter (@abuse_ch):
Malspam distributing GuLoader:

HELO: mout.kundenserver.de
Sending IP: 212.227.17.13
From: info@zahnarztpraxis-dortmund.com
Subject: AW: AW: Zahlungsbeleg und Auftragsbestätigung 21-05-20 Rechnung_20-613129926-001 (German: "Re: Re: Payment receipt and order confirmation 21-05-20 Invoice_20-613129926-001")
Attachment: Rechnung1.zip (contains "CICERO.exe")

GuLoader payload URL:
http://156.96.118.179/RSol.bin
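The triage a mail gateway or analyst would run on an attachment like Rechnung1.zip, as an added example (not code from MalwareBazaar or abuse.ch): hash the file with the three digests the entry indexes on, compare against the published values, and look inside the archive for executable members both by extension and by the "MZ" PE magic, so a renamed binary is caught too. The zip and the "CICERO.exe" stub inside it are constructed in memory for the demo, so they will not match the real sample's hashes; the IOC values themselves are copied from the entry above.

```python
import hashlib
import io
import zipfile

# Digests copied from the MalwareBazaar entry above for Rechnung1.zip.
KNOWN_IOCS = {
    "sha256": "fa1c946415d491964bdb3e0b3ecb5288c9673a665c0fe3cff0a7862ce557001b",
    "sha1": "275231ccac0d33e92704d8ed844980cb66731dc9",
    "md5": "22996f39e2677855c71e670d38da8c98",
}

# Member extensions that have no business inside an "invoice" archive.
EXECUTABLE_SUFFIXES = (
    ".exe", ".scr", ".pif", ".com", ".dll", ".bat", ".cmd",
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".lnk", ".msi",
)


def hash_bytes(data: bytes) -> dict:
    """Compute the three digests MalwareBazaar indexes a sample by."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def matches_known_ioc(hashes: dict) -> bool:
    """True if any digest equals one published for the known sample."""
    return any(hashes.get(algo) == value for algo, value in KNOWN_IOCS.items())


def inspect_zip_attachment(data: bytes) -> dict:
    """Hash the attachment and, if it is a zip, list members that look executable.

    Two independent checks per member: the file extension, and the first two
    bytes of the decompressed content ("MZ" marks a Windows PE file), so a
    renamed binary such as "Rechnung.pdf" with PE content is still flagged.
    Only two bytes are decompressed per member, so a zip bomb cannot exhaust memory.
    """
    report = {
        "hashes": hash_bytes(data),
        "known_sample": False,
        "is_zip": False,
        "members": [],
        "suspicious_extension": [],
        "pe_content": [],
    }
    report["known_sample"] = matches_known_ioc(report["hashes"])
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return report
    report["is_zip"] = True
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            report["members"].append(info.filename)
            if info.filename.lower().endswith(EXECUTABLE_SUFFIXES):
                report["suspicious_extension"].append(info.filename)
            with archive.open(info) as member:
                if member.read(2) == b"MZ":
                    report["pe_content"].append(info.filename)
    return report


def verdict(report: dict) -> str:
    """Collapse the report into a gateway decision."""
    if report["known_sample"]:
        return "block: hash matches known GuLoader sample"
    if report["suspicious_extension"] or report["pe_content"]:
        return "block: executable content inside archive attachment"
    return "allow"


def build_constructed_sample() -> bytes:
    """Stand-in for Rechnung1.zip (constructed here, not the real loader).

    Holds a fake "CICERO.exe" plus a member with a harmless-looking name but
    PE content, to show that the magic-byte check is needed as well.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("CICERO.exe", b"MZ" + b"\x00" * 62 + b"placeholder body, not a real PE")
        archive.writestr("Rechnung.pdf", b"MZ" + b"\x00" * 30)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_constructed_sample()
    rep = inspect_zip_attachment(sample)
    print(rep["hashes"]["sha256"], rep["suspicious_extension"], rep["pe_content"])
    print(verdict(rep))
```

A hash match is the strongest signal but the weakest coverage: GuLoader campaigns rotate the archive per recipient, so the structural check on the archive contents is what actually stops the next variant. Hashing still matters for reporting back to MalwareBazaar and for confirming a sample is the one the entry describes.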

Intelligence


Mail intelligence: trap location Global, impact Low
Number of uploads: 1
Number of downloads: 22
Origin country: US
ClamAV: SecuriteInfo.com.Variant.Ursu.878098.15648.9773.UNOFFICIAL
VirusTotal: 29.23% detection rate
ReversingLabs: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery chain:
  Malspam
    GuLoader: zip fa1c946415d491964bdb3e0b3ecb5288c9673a665c0fe3cff0a7862ce557001b (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment
