MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a4edcfb91b67e41529a7ceabaa048ed00168cc3ecb95d11280f9db8f6ef1cfe1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a4edcfb91b67e41529a7ceabaa048ed00168cc3ecb95d11280f9db8f6ef1cfe1
SHA3-384 hash: 913edb876368e1580272a04975679f8bb5d3b5d0ddc2e186358ecaed2a04f55f8c9d540b3e7e1a8e3363f2ef647ec7aa
SHA1 hash: 51a795b281fba1fa20d2ed92331d2778bcf26369
MD5 hash: f460f9dfb8290487fa9c6e54134edda6
humanhash: potato-bulldog-apart-nineteen
File name:HSBC PAYMENT SLIP.gz
Download: download sample
Signature GuLoader
Create hunting rule
File size:31'301 bytes
First seen:2020-05-27 16:47:19 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 768:wh5J2zYDmTUUdQNKtt+Oqt8nOnH58jgwSQlTvBVa5:whyq4QNKbBO8nQNUTvHE
TLSH D3E2F1432BD624B45AEE469D08FA268DE018FDB946377C6D0101120D965FCF3739BBE2
Reporter abuse_ch
Tags:GuLoader gz HSBC


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: merbabu.utama.id
Sending IP: 202.51.253.120
From: HSBC BANK ADVICE <Communications@mail.hsbcnet.hsbc.com>
Subject: HSBC Beneficiary Payments Advice (COVID-19 IS REAL!! STAY SAFE)
Attachment: HSBC PAYMENT SLIP.gz (contains "gunzipped")

GuLoader payload URLs:
https://kinansreview.com/build_NEW_gLpjIcLUO232.bin
https://cmdtech.com.vn/build_NEW_gLpjIcLUO232.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Agent.ERMZ.15488.9631.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 17:37:02 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
31 of 48 (64.58%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz a4edcfb91b67e41529a7ceabaa048ed00168cc3ecb95d11280f9db8f6ef1cfe1

(this sample)

GuLoader

Executable exe 705359998910a71e56cde4f359ad4ae767d0182b45f46615ebcbaa969fe5c5c5

  
URLhaus
https://urlhaus.abuse.ch/url/369924/
  
Dropping
MD5 1cb505f7019930f98a5934145b82e659
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 705359998910a71e56cde4f359ad4ae767d0182b45f46615ebcbaa969fe5c5c5

Comments