MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 26e82009881366fedeebd691e58231667c2bd18fd34136e17c985ec9bf3170dc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 26e82009881366fedeebd691e58231667c2bd18fd34136e17c985ec9bf3170dc
SHA3-384 hash: fdc24d7918ea352fe1dc8d485ccc70929035c70ebe7bc6cce08e67d494d0a2dc9cd24d447255c834c3463d17bf1f71ef
SHA1 hash: daed4a832a57427d4ff655730112148242b78369
MD5 hash: 6a12d7d6cf1026573c0a39ca5642c17b
humanhash: two-fanta-four-fruit
File name:Detalles del pago.pdf.gz
Download: download sample
Signature GuLoader
Create hunting rule
File size:27'028 bytes
First seen:2020-05-21 19:28:13 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 384:xjZXPXNgBRaXf1wptcirh1yokNgywhqoLNMY+S7fyz22pQgROgHxIxDWNsROiBYt:xjZXZf1QcoRuoLqY+xpvdIxDes4iBrCd
TLSH 1DC2F268211780570FB867375E74D6B0F2290FE497FF339EA4F18695C6539C4ADC0652
Reporter abuse_ch
Tags:GuLoader gz


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: aa98419.online-server.cloud
Sending IP: 74.208.129.40
From: Coreptec S.A. Christian Naranjo <Christian.Naranjo@coreptec.com>
Reply-To: Coreptec S.A. Christian Naranjo <Christian.Naranjo@coeptec.com>, Coreptec S.A. Christian Naranjo <Christian.Naranjo@coeptec.com>, Coreptec S.A. Christian Naranjo <Christian.Naranjo@coeptec.com>, Coreptec S.A. Christian Naranjo <Christian.Naranjo@coeptec.com>
Subject: Re: PAGO ATRÁS DEVUELTO TT (Ref 0180066743)
Attachment: Detalles del pago.pdf.gz (contains "Detalles del pago.pdf.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1h-BlkXoQsjYbeD9zseeUh8t1YEgG-v_5

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 19:35:38 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
26 of 48 (54.17%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 26e82009881366fedeebd691e58231667c2bd18fd34136e17c985ec9bf3170dc

(this sample)

GuLoader

Executable exe e76ee0db44278c0742805ce66786923629cad847ee8c650214a36a1ebda37c69

  
URLhaus
https://urlhaus.abuse.ch/url/366311/
  
Dropping
MD5 b5edf2cacba398125f9dd302b91be303
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e76ee0db44278c0742805ce66786923629cad847ee8c650214a36a1ebda37c69

Comments