MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fc9d777bc9624053f4e3b1490481ce501db56852114f5183b976e391724db2a6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 3


SHA256 hash: fc9d777bc9624053f4e3b1490481ce501db56852114f5183b976e391724db2a6
SHA3-384 hash: b16e190a1cd9a41151e1d2f5e3b87d76615e16f891f4dc52c4e7cbacb18980b88c89ac2152dcc30830a0cc677cc982fb
SHA1 hash: 3d2f8371fb9daec2c184ab0b0c6e56fc9f114cc0
MD5 hash: f4df75353727bf3d3bc5bf97321c8fb5
humanhash: stream-white-california-music
File name: Order GFD-102747_pdf.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-06-05 19:34:53 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:90OlYcDrdLtwmmStpUdvwDwvfE7jTkcbWxOL4jwHQyQDWuAV:nlxrdhrpUmEk7jTkIbia+6V
TLSH: 7445A01BB81ECB9DD2144EF1F97150F11669AF07EA41296FB2C8FE6C73B009C28516E6
Reporter: abuse_ch
Tags: GuLoader img


abuse_ch
Malspam distributing GuLoader:

HELO: steppersexpress.shop
Sending IP: 155.138.219.68
From: Nancy Lang <sales@steppersexpress.shop>
Reply-To: sales@steppersexpress.shop
Subject: Order Receipt GFD-102747
Attachment: Order GFD-102747_pdf.img (contains "Order GFD-102747_pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1nuzERLigTnal8O6BNV8Xe858ZwCbibux
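The reporter's note above describes the lure: an .img attachment (an ISO 9660 image, matching the MIME type application/x-iso9660-image recorded for this sample) named as if it were a PDF, with an .exe inside. The following is an added example, not code from MalwareBazaar or from the reporter: a small ISO 9660 directory walker that lists the files in such an image, preferring Joliet (UCS-2) names when a supplementary volume descriptor is present, and a triage helper that flags both tells, the "_pdf.img" naming and an executable inside the image. The image it parses is constructed inline from placeholder bytes and is not the real sample; EXEC_EXTS, the DOUBLE_EXT naming heuristic and all function names are this example's own assumptions.

```python
import os
import re
import struct

SECTOR = 2048
# Extensions that have no business inside a "document" disc-image attachment (assumed list).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".dll", ".lnk", ".js", ".jse",
             ".vbs", ".vbe", ".bat", ".cmd", ".ps1", ".hta", ".msi"}
# Assumed heuristic: a document-looking token glued onto a disc-image extension.
DOUBLE_EXT = re.compile(r"[._-](pdf|docx?|xlsx?)\.(img|iso)$", re.IGNORECASE)

def _volume_descriptors(img: bytes) -> dict:
    """Volume descriptors start at sector 16 and end with a type-255 set terminator."""
    descs = {}
    for sector in range(16, len(img) // SECTOR):
        vd = img[sector * SECTOR:(sector + 1) * SECTOR]
        if vd[1:6] != b"CD001" or vd[0] == 255:
            break
        descs[vd[0]] = vd
    if 1 not in descs:
        raise ValueError("no ISO 9660 primary volume descriptor found")
    return descs

def _records(img: bytes, lba: int, length: int):
    """Yield raw directory records from one extent; a 0 length byte means sector padding."""
    data, pos = img[lba * SECTOR:lba * SECTOR + length], 0
    while pos < len(data):
        rec_len = data[pos]
        if rec_len == 0:                      # records never span sectors; skip to the next one
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        yield data[pos:pos + rec_len]
        pos += rec_len

def _walk(img, lba, length, prefix, joliet, out, seen):
    if lba in seen:                           # guard against cyclic directory extents
        return
    seen.add(lba)
    for rec in _records(img, lba, length):
        ident = rec[33:33 + rec[32]]          # identifier length at byte 32, identifier at 33
        if ident in (b"\x00", b"\x01"):       # "." and ".." entries
            continue
        name = ident.decode("utf-16-be" if joliet else "ascii").split(";")[0]
        ext_lba, size = struct.unpack_from("<I", rec, 2)[0], struct.unpack_from("<I", rec, 10)[0]
        is_dir = bool(rec[25] & 2)            # file flags byte, bit 1 = directory
        path = prefix + "/" + name
        out.append({"path": path, "size": size, "dir": is_dir})
        if is_dir:
            _walk(img, ext_lba, size, path, joliet, out, seen)

def list_image(img: bytes) -> list:
    """List every file in an ISO 9660 image, preferring Joliet (UCS-2) names when present."""
    descs = _volume_descriptors(img)
    joliet = 2 in descs and descs[2][88:91] in (b"%/@", b"%/C", b"%/E")
    root = (descs[2] if joliet else descs[1])[156:190]   # 34-byte root directory record
    out = []
    _walk(img, struct.unpack_from("<I", root, 2)[0],
          struct.unpack_from("<I", root, 10)[0], "", joliet, out, set())
    return out

def triage_attachment(filename: str, img: bytes) -> dict:
    """Flag the two tells of this lure: a _pdf.img name and an executable inside the image."""
    execs = [e["path"] for e in list_image(img)
             if not e["dir"] and os.path.splitext(e["path"])[1].lower() in EXEC_EXTS]
    return {"double_extension": bool(DOUBLE_EXT.search(filename)), "executables": execs}

# --- constructed stand-in image (not the real sample) so the parser can run offline ---

def _both(n: int, fmt: str) -> bytes:         # ISO 9660 "both-byte-order" integer
    return struct.pack("<" + fmt, n) + struct.pack(">" + fmt, n)

def _dir_record(ident: bytes, lba: int, length: int, is_dir: bool) -> bytes:
    body = (b"\x00" + _both(lba, "I") + _both(length, "I") + bytes(7)
            + bytes([2 if is_dir else 0, 0, 0]) + _both(1, "H") + bytes([len(ident)]) + ident)
    if len(ident) % 2 == 0:
        body += b"\x00"                       # pad so the record length stays even
    return bytes([len(body) + 1]) + body

def _dir_sector(self_lba: int, entries, encode) -> bytes:
    recs = _dir_record(b"\x00", self_lba, SECTOR, True) + _dir_record(b"\x01", self_lba, SECTOR, True)
    for name, lba, size in entries:
        recs += _dir_record(encode(name + ";1"), lba, size, False)
    return recs.ljust(SECTOR, b"\x00")

def _descriptor(vd_type: int, root_lba: int, escape: bytes = b"") -> bytes:
    vd = bytearray(SECTOR)                    # only the fields the parser reads are filled in
    vd[0], vd[1:6], vd[6] = vd_type, b"CD001", 1
    vd[88:88 + len(escape)] = escape          # Joliet escape sequence field (bytes 88-119)
    vd[156:190] = _dir_record(b"\x00", root_lba, SECTOR, True)
    return bytes(vd)

def build_sample_image(joliet: bool = True) -> bytes:
    exe, txt = b"MZ" + b"\x00" * 62, b"decoy text file\n"   # placeholder bytes, not an executable
    iso_names = [("ORDER_GF.EXE", 21, len(exe)), ("README.TXT", 22, len(txt))]
    jol_names = [("Order GFD-102747_pdf.exe", 21, len(exe)), ("README.TXT", 22, len(txt))]
    sectors = [bytes(SECTOR)] * 16 + [_descriptor(1, 19)]           # system area + PVD
    if joliet:
        sectors.append(_descriptor(2, 20, b"%/E"))                    # Joliet SVD
    sectors.append(_descriptor(255, 0))                               # set terminator
    sectors += [bytes(SECTOR)] * (19 - len(sectors))                  # keep extents at fixed LBAs
    sectors += [_dir_sector(19, iso_names, lambda s: s.encode("ascii")),
                _dir_sector(20, jol_names, lambda s: s.encode("utf-16-be"))]
    sectors += [exe.ljust(SECTOR, b"\x00"), txt.ljust(SECTOR, b"\x00")]   # LBA 21 and 22
    return b"".join(sectors)
```

Calling triage_attachment("Order GFD-102747_pdf.img", build_sample_image()) returns both flags set, with "/Order GFD-102747_pdf.exe" as the executable found. Real lure images are often authored with Joliet and sometimes UDF; this walker covers ISO 9660 and Joliet only, so an image whose primary descriptor is missing raises ValueError rather than silently reporting it as empty.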

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-05 19:36:15 UTC
AV detection: 16 of 48 (33.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
    GuLoader: img fc9d777bc9624053f4e3b1490481ce501db56852114f5183b976e391724db2a6 (this sample)
        Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments