MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5ee62c5dc4120f9a7f0b664ecff949a15b3e44847e6d036eea977c000c444a47. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 2

SHA256 hash: 5ee62c5dc4120f9a7f0b664ecff949a15b3e44847e6d036eea977c000c444a47
SHA3-384 hash: e2ac72f9c4368f567fa169bcd1a63f4016918c97e0d04d5cbc147384639cd1d16fe81d3969c19fd4bf42f8dc1bfd30d7
SHA1 hash: b2f454b1a2af3f0a917bdfe67cf6163f90f58f93
MD5 hash: 664179013c8fc0811ff6ef09a759c80b
humanhash: mike-mango-tennessee-fillet
File name: DHL_AWB.gz
Signature: GuLoader
File size: 58'947 bytes
First seen: 2020-05-28 07:33:02 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 1536:hI9mn00uUOlddFBDfgw3cv08ZouASaOOvcvNzLTeelaoY:hXqUO3Ocq08vaOLvd2elah
TLSH: 404302EDC23CC432A3CF780A11E69E4726E7EEF6940F732AF45995C6B011D058EE2568
Reporter: abuse_ch
Tags: DHL GuLoader gz


abuse_ch
Malspam distributing GuLoader:

HELO: mxserver22-out7.masterweb.com
Sending IP: 103.25.223.216
From: DHL EXPRESS <info@cn-nakareg.com>
Subject: DHL BILL OF LADING SHIPPING DELIVERY NOTICE
Attachment: DHL_AWB.gz (contains "gunzipped")

GuLoader payload URL:
http://baritaco.com/build_VZiETVXFTj172.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-05-28 05:58:44 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 22 of 48 (45.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
gz 5ee62c5dc4120f9a7f0b664ecff949a15b3e44847e6d036eea977c000c444a47 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
