MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2a3e115c488e0398ff8124cb6bf87225e1dd74780aa388d4631274d0f3a34e93. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2


SHA256 hash: 2a3e115c488e0398ff8124cb6bf87225e1dd74780aa388d4631274d0f3a34e93
SHA3-384 hash: acadd57c5b4216d3bb43c4ee7115aa752c8983074ffb18cd127e583014e8327289f2d99ebdec91a9c0ecdb05c1ddc70f
SHA1 hash: 9381cfb1469ae87db587a3bd21f089fc660fc453
MD5 hash: ca6efed8a72a6aebdb17b326cfa9507e
humanhash: alpha-golf-sierra-hamper
File name: shipping docs.zip
Signature: GuLoader
File size: 34'719 bytes
First seen: 2020-05-26 07:49:19 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:1ZfSX4bQvRiNV85wppV/wPxcEh25nCPJWytuy:1ZKIbQpiPdV685nuEy
TLSH: 1FF2F2CF140715F9DBF2BC574639EFB72E9AA4CD3B7A89A0CB4424591C258848386BF4
Reporter: abuse_ch
Tags: DHL, GuLoader, zip


abuse_ch
Malspam distributing GuLoader:

HELO: server.skylinesservices.com
Sending IP: 162.241.235.200
From: DHL Express <support@dhl.com>
Subject: Fwd: DHL Shipment Notification : 7348255143
Attachment: shipping docs.zip (contains "shipping docs.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1MaId-bDC66lxKekfa1yPZi5xj6yWr572

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vp2
Status: Malicious
First seen: 2020-05-26 08:39:17 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 15 of 48 (31.25%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    zip 2a3e115c488e0398ff8124cb6bf87225e1dd74780aa388d4631274d0f3a34e93 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments