MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3dbd9a79854e2d7627a1ce5458f9c6a08c6df1aca17e02b6ac40c1a3e0f8df3a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: 3dbd9a79854e2d7627a1ce5458f9c6a08c6df1aca17e02b6ac40c1a3e0f8df3a
SHA3-384 hash: 67eba72114dfbfe679280276858eda4f1c84a6476ed6603365e82b79df42d58e750048fd6223ed807cff7f8940661169
SHA1 hash: cac5a874d339871b247d832cabe3881735cbd3a9
MD5 hash: ba49e5feff5d7db00838af0fd108ccbb
humanhash: whiskey-tennessee-sweet-kitten
File name: dowd bankowy.pdf.gz
Signature: GuLoader
File size: 24'870 bytes
First seen: 2020-05-22 15:03:18 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 768:EmtTHvLK5Dmjoqclp5ztrfzGlU/vfiik/:xHvLK5Dmtc/Dz0U/n2
TLSH: 5DB2D1399A956D4E45F0C87B00E25D694FADC44CFF73D606C46B8BAF143429E4D863C6
Reporter: abuse_ch
Tags: geo GuLoader gz POL


abuse_ch
Malspam distributing GuLoader:

HELO: techdata.pl
Sending IP: 209.58.149.73
From: Graczyk, Daria <Daria.Graczyk@techdata.pl>
Subject: Fw: DOWÓD FAKTUR PŁATNOŚCI
Attachment: dowd bankowy.pdf.gz (contains "dowód bankowy.pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1dsmROHC1JlAbWrI367jfmsm1WsShvxAX

Intelligence

File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Netwire
Status: Malicious
First seen: 2020-05-22 15:35:46 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 18 of 48 (37.50%)
Threat level: 2/5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
GuLoader
gz 3dbd9a79854e2d7627a1ce5458f9c6a08c6df1aca17e02b6ac40c1a3e0f8df3a (this sample)
Dropping GuLoader
Delivery method: Distributed via e-mail attachment

Comments