MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ac82019c424deb77bf5407770a6c9e59ed2c069289c5505eecf0ec630fef3e46. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 2



SHA256 hash: ac82019c424deb77bf5407770a6c9e59ed2c069289c5505eecf0ec630fef3e46
SHA3-384 hash: fd0a07645f885a5c7621c0472f784df668c419662d3e7ed4d9dfd8b5c0c80ef980346b125f4aef2849e7952019775171
SHA1 hash: b1b3c654b97013bd95fb0f2c0b39e3fa7344cf37
MD5 hash: 5b61472f6bd56c15f5e7a859cb0480d9
humanhash: cardinal-edward-blossom-asparagus
File name: Scan0002.pdf.z
Signature: GuLoader
File size: 59'113 bytes
First seen: 2020-05-28 07:33:07 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 1536:rAKETpuJi64BWLw+ZuePjEAOEKPbC4EPxk49zc6TZgQCYSGYcYe+S:rlWwJi6bLC0EfEKT9Ey41TZLDUcYbS
TLSH: B143F1009D2311C690165A4E4C4AF90A75B6C742523ECD2314BDEDE8EB6FF6B8F6F149
Reporter: abuse_ch
Tags: GuLoader HSBC z


abuse_ch
Malspam distributing GuLoader:

HELO: mail0.dsewqoiy.monster
Sending IP: 142.11.194.213
From: HSBC BANK <info@troplendis.be>
Subject: HSBC Notification For Wire Transfer Ref No {049581673}
Attachment: Scan0002.pdf.z (contains "ZACHERYSTREGKODERCARLOS'SR.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1VDDr13QB-SbZaBWx30W2Z7lMfIeRUu_3

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-05-28 07:37:55 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 22 of 48 (45.83%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip ac82019c424deb77bf5407770a6c9e59ed2c069289c5505eecf0ec630fef3e46 (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
