MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 339e6454c099c3527111098d1c960788bcb27ba5c793623b2fc0bd761fd2c082. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2


SHA256 hash: 339e6454c099c3527111098d1c960788bcb27ba5c793623b2fc0bd761fd2c082
SHA3-384 hash: 35a8f90e738001a4d9e86a9155a38e9b647dc8a53d6784d8f75e6f754a00aea7db3d2461aa10adccec7c46e6e6de0cfc
SHA1 hash: 611794b6017dc834d9bfe0406ea83d86234ebb21
MD5 hash: edab333ca632b9fb0d63b06615ef37a0
humanhash: golf-triple-texas-papa
File name: Scan Docs_pdf.gz
Signature: GuLoader
File size: 53'944 bytes
First seen: 2020-05-28 13:14:43 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 768:yxxzo/PdkZzpSwmqb+EaaQN2eAhNeppm9wGgFDP+ajOPrfWRKLUudM7JQqssYTDu:2AdkZUitzWiXCpqPzX40M7JynTZzzFe
TLSH: 2E3302B8856745340E08AEAB9D3350D2B5411BA9E9CAFE4EB3FEF4B69166C424B15340
Reporter: abuse_ch
Tags: GuLoader, gz


abuse_ch
Malspam distributing GuLoader:

HELO: hosting.comfrel.org
Sending IP: 162.241.208.147
From: ROKONMA (S) PTE <azlina@rokonma.com.my>
Subject: Please send me price list.
Attachment: Scan Docs_pdf.gz (contains "Scan Docs_pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1TGM04C2zh0icvRKXEOoymZI40WFDTdhd

Intelligence

File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-28 13:37:32 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 5 of 48 (10.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
gz 339e6454c099c3527111098d1c960788bcb27ba5c793623b2fc0bd761fd2c082 (this sample)

Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments