MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a996e0794ff2bdb2b95eabe0158220860716c699b94ce2a641229e39f44cefa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 2

SHA256 hash: 4a996e0794ff2bdb2b95eabe0158220860716c699b94ce2a641229e39f44cefa
SHA3-384 hash: 4600fcc06431affb72f73c63b2c4211ce07108c72c9240c1b8f9291d7eb971ef55ade70cbf35dd6ae53d8e96c21dc0b8
SHA1 hash: 65b44606f9b07a5d5f7463637fd7f870a7c08df8
MD5 hash: cba65436ecf561ce63b9aedc51cdff2e
humanhash: carolina-network-zulu-georgia
File name: Documents-DHL950446602.pdf.gz
Signature: GuLoader
File size: 29'996 bytes
First seen: 2020-05-27 12:48:24 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 768:60rwjtTxUWEeUxl14YabUVEGBec+Kf9MMfBIidPmzAUL6:60rwjtTxKxIYabU6GBf9YidPaAN
TLSH: 9DD201C6CEE420ED1CC0AB5ACBA4835370DB85F7FA11244B27D857CAB2426D2D4DB953
Reporter: abuse_ch
Tags: DHL GuLoader gz

Note: the .gz file extension and the MIME type reported from the file's content (application/x-rar) disagree, so the extension alone does not identify the container; check the magic bytes before choosing an unpacker.


abuse_ch
Malspam distributing GuLoader:

HELO: aa98419.online-server.cloud
Sending IP: 74.208.129.40
From: billing <billing.expressec@dhl.com>
Subject: New Shipment Documents-DHL950446602
Attachment: Documents-DHL950446602.pdf.gz (contains "Documents-DHL950446602.pdf.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=16LVpHzxPcMwrQgw96jSkpZ7llrG2Gl7K
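
The delivery chain abuse_ch describes above (a .pdf.gz attachment whose content MalwareBazaar sniffs as RAR, wrapping a .pdf.bat script) is the kind of thing a mail gateway or triage script should catch without opening the archive. The following is an added example written for this page; it is not MalwareBazaar or abuse_ch code. It identifies the container from magic bytes rather than the extension, reads the member name from a gzip FNAME header, flags document-then-script double extensions, and computes the hash set MalwareBazaar lists so the result can be matched against the entry's IOCs. The extension policy lists and the sample inputs (a constructed gzip carrying the reported .pdf.bat name around a harmless batch line, and a bare RAR4 signature) are assumptions for illustration, not the real sample.

```python
"""Attachment triage for the .pdf.gz / application/x-rar / .pdf.bat chain in this entry.
Added example, not MalwareBazaar or abuse_ch code; the policy lists and samples are assumptions."""
import gzip
import hashlib
import io
import struct
from typing import Dict, List, Optional

# Container signatures: trust these, not the file name.
GZIP_MAGIC = b"\x1f\x8b"
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"

# Assumed policy lists (not from the page): document extensions a script extension hides behind.
DOC_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "txt"}
EXEC_EXT = {"bat", "cmd", "exe", "scr", "js", "jse", "vbs", "vbe", "ps1", "hta", "lnk"}


def container_type(data: bytes) -> str:
    """Identify the container from its leading bytes, not from its extension."""
    if data.startswith(RAR5_MAGIC):
        return "rar5"
    if data.startswith(RAR4_MAGIC):
        return "rar4"
    if data.startswith(GZIP_MAGIC):
        return "gzip"
    return "unknown"


def gzip_member_name(data: bytes) -> Optional[str]:
    """Read the original file name from the gzip header's FNAME field (RFC 1952)."""
    if len(data) < 10 or not data.startswith(GZIP_MAGIC):
        return None
    flags = data[3]
    pos = 10  # fixed header: ID1 ID2 CM FLG MTIME(4) XFL OS
    if flags & 0x04:  # FEXTRA: 2-byte little-endian length, then that many bytes
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & 0x08:  # FNAME: zero-terminated ISO-8859-1 string
        end = data.index(b"\x00", pos)
        return data[pos:end].decode("latin-1")
    return None


def double_extension(name: str) -> bool:
    """True for names like report.pdf.bat: a document extension followed by a script one."""
    parts = name.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[1] in DOC_EXT and parts[2] in EXEC_EXT


def hashes(data: bytes) -> Dict[str, str]:
    """The hash set MalwareBazaar lists, for matching against the entry's IOCs."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha3_384")}


def triage(filename: str, data: bytes) -> Dict[str, object]:
    """Combine the checks above into one verdict for an attachment."""
    ext = filename.lower().rsplit(".", 1)[-1] if "." in filename else ""
    kind = container_type(data)
    findings: List[str] = []
    if ext == "gz" and kind != "gzip":
        findings.append(f"extension .gz but magic bytes say {kind}")
    if kind.startswith("rar"):
        findings.append("RAR container: a RAR parser is needed to list members")
    member = gzip_member_name(data) if kind == "gzip" else None
    if member and double_extension(member):
        findings.append(f"gzip member {member!r} hides a script behind a document extension")
    return {"container": kind, "member": member, "findings": findings, "hashes": hashes(data)}


def build_sample() -> bytes:
    """Constructed stand-in for the attachment (not the real sample): a gzip whose FNAME
    field carries the .pdf.bat name abuse_ch reported, wrapping a harmless batch line."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename="Documents-DHL950446602.pdf.bat", mode="wb", fileobj=buf, mtime=0) as g:
        g.write(b"@echo off\r\necho constructed placeholder\r\n")
    return buf.getvalue()


# Constructed: only a RAR4 signature padded with zeros, enough to exercise the type check.
FAKE_RAR = RAR4_MAGIC + b"\x00" * 32


if __name__ == "__main__":
    for name, blob in (("Documents-DHL950446602.pdf.gz", build_sample()),
                       ("Documents-DHL950446602.pdf.gz", FAKE_RAR)):
        result = triage(name, blob)
        print(name, result["container"], result["member"], result["hashes"]["sha256"])
        for finding in result["findings"]:
            print("  !", finding)
```

The gzip case is fully handled because the format stores the member name in a fixed-layout header; the RAR case is only identified here, since listing RAR members needs a RAR parser (for example the third-party rarfile module), and the finding says so rather than silently passing the file.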

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Formbook
Status: Malicious
First seen: 2020-05-27 13:36:04 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 17 of 30 (56.67%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader: gz 4a996e0794ff2bdb2b95eabe0158220860716c699b94ce2a641229e39f44cefa (this sample)
    Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
