MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2150a425cf080e1a6e108406931a8a0b6d6804ca5d9f6e88daa3cfa252974ba3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 2150a425cf080e1a6e108406931a8a0b6d6804ca5d9f6e88daa3cfa252974ba3
SHA3-384 hash: 0175963bd64f5f1d67777fa67d7da7e303ee9bbfb70427008f44f7c8cc86123dde867424134ed3a65d0da2541a91ffe6
SHA1 hash: c92f9ef4855fff3ec3ec664539ccf76ee1792da2
MD5 hash: fc133be3f745687bc225965e1cbb84c5
humanhash: cat-white-violet-echo
File name: DHL Consingment-pdf.gz
Signature: GuLoader
File size: 45'082 bytes
First seen: 2020-06-08 12:04:54 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 768:woka94BXNQJC3zkgRwY+F9Wgy+4ifh4zbTZqFVvgBNaXKMDhPlQodrryaS21y:wokXBdGCjNl+F9Wf5ifq3Y/vAwXRDVZg
TLSH: D113F1BFD4292EB86157850ABB6449DC3E67142A1FFB1473CA3E88235FEC5482B4C671
Reporter: abuse_ch
Tags: DHL GuLoader gz
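The entry lists four digests and a gzip container whose name ends in ".pdf.gz". A practitioner pulling the sample wants two checks before doing anything else: that the bytes on disk are the bytes this entry describes, and what the gzip member actually wraps, read without trusting the lure name. The script below is an added example, not code from MalwareBazaar or from the reporter; it only uses the Python standard library (so ssdeep and TLSH from the listing are not recomputed). The digests it compares against are the ones listed above; the gzip it builds for the demonstration is a constructed stand-in, with an assumed inner name and an "MZ" payload, and will not match those digests.

```python
import gzip
import hashlib
import io
import struct

# Digests as listed on this MalwareBazaar entry.
LISTED_HASHES = {
    "md5": "fc133be3f745687bc225965e1cbb84c5",
    "sha1": "c92f9ef4855fff3ec3ec664539ccf76ee1792da2",
    "sha256": "2150a425cf080e1a6e108406931a8a0b6d6804ca5d9f6e88daa3cfa252974ba3",
    "sha3_384": "0175963bd64f5f1d67777fa67d7da7e303ee9bbfb70427008f44f7c8cc86123dde867424134ed3a65d0da2541a91ffe6",
}


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests MalwareBazaar lists for every sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matches_listing(data: bytes, listed: dict = LISTED_HASHES) -> dict:
    """Per-algorithm True/False: do the bytes match what the entry lists?"""
    computed = hash_bytes(data)
    return {name: computed[name] == digest.lower() for name, digest in listed.items()}


def gzip_header_info(data: bytes):
    """Parse the RFC 1952 member header without inflating anything.
    Returns None when the bytes are not a gzip stream."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        return None
    method, flags, mtime, _xfl, os_id = struct.unpack("<BBIBB", data[2:10])
    pos = 10
    if flags & 0x04:  # FEXTRA: 2-byte length, then that many bytes
        (xlen,) = struct.unpack("<H", data[pos:pos + 2])
        pos += 2 + xlen
    inner_name = None
    if flags & 0x08:  # FNAME: zero-terminated ISO-8859-1 original file name
        end = data.find(b"\x00", pos)
        if end < 0:
            raise ValueError("truncated FNAME field")
        inner_name = data[pos:end].decode("latin-1")
    return {"method": method, "flags": flags, "mtime": mtime,
            "os": os_id, "inner_name": inner_name}


def inspect_gzip(data: bytes, cap: int = 50 * 1024 * 1024, chunk: int = 1 << 16) -> dict:
    """Inflate in memory under a size cap (refuses decompression bombs) and
    report the inner file's size and leading bytes. A leading 'MZ' means the
    gz wraps a Windows executable, whatever the attachment name says."""
    header = gzip_header_info(data)
    if header is None:
        raise ValueError("not a gzip stream")
    total = 0
    first = b""
    with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
        while True:
            block = gz.read(chunk)
            if not block:
                break
            if len(first) < 2:
                first = (first + block)[:2]
            total += len(block)
            if total > cap:
                raise ValueError(f"decompressed size exceeds cap of {cap} bytes")
    return {**header, "inner_size": total, "inner_magic": first,
            "looks_like_pe": first == b"MZ"}


def build_constructed_sample(inner_name: str, payload: bytes) -> bytes:
    """Constructed stand-in for the attachment; this is NOT the real sample."""
    buf = io.BytesIO()
    with gzip.GzipFile(fileobj=buf, mode="wb", filename=inner_name, mtime=0) as gz:
        gz.write(payload)
    return buf.getvalue()


if __name__ == "__main__":
    # Assumed inner name and payload, constructed for the demonstration only.
    sample = build_constructed_sample("DHL Consingment-pdf.exe", b"MZ" + b"\x90" * 1000)
    print(hash_bytes(sample))
    print(matches_listing(sample))   # all False: constructed bytes, not the listed sample
    print(inspect_gzip(sample))
```

On a real download, replace the constructed bytes with the file contents and require every entry of `matches_listing()` to be True before the sample goes anywhere near an analysis box; `inspect_gzip()` answers what the ".pdf.gz" lure hides without ever writing the inner file to disk.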


abuse_ch
Malspam distributing GuLoader:

HELO: mail0.563.zizospanltd.casa
Sending IP: 134.122.59.62
From: DHL DELIVERY REPORT <563.zizospanltd.casa>
Subject: DHL DELIVERY NOTIFICATION
Attachment: DHL Consingment-pdf.gz (contains "gunzipped")

GuLoader payload URL:
https://automarsel.pl/2ND_OhXwqURK78.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-08 09:11:42 UTC
AV detection: 32 of 48 (66.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    gz 2150a425cf080e1a6e108406931a8a0b6d6804ca5d9f6e88daa3cfa252974ba3 (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
