MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ceab976300db21350390998d44ea0d60f9d4826eedbe4f86175ffa78c5001db2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3



SHA256 hash: ceab976300db21350390998d44ea0d60f9d4826eedbe4f86175ffa78c5001db2
SHA3-384 hash: 3d10088b5a5fb62d08b97b99efc670a5024b962d2ed3e27439526185cddc92df6fd57e780f62f891b9a6a549a520d401
SHA1 hash: 7ce4314f0bb0c50076a3e8e23bad7783d0492637
MD5 hash: 666630b6c4e432291311637af6ef88b7
humanhash: hot-fillet-hawaii-nuts
File name: PAYMENT COPY.gz
Signature: GuLoader
File size: 25'696 bytes
First seen: 2020-05-21 08:51:52 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 384:bppM6A1KpXoPPyOPQoFFnkhAhfC6/MyMv3atZq9pjxiIAZZsVDiDvnwP8/2fr2YC:k1OXiycZkwwPf9DnAPsIDvnwU/2fFK
TLSH: 15B2E10528984C3A676DEDDF772ED6B40C4C0653A2C5D27349D1D539BABD4E831371CA
Reporter: abuse_ch
Tags: GuLoader gz


abuse_ch
Malspam distributing GuLoader:

HELO: vdom2.bangla.net
Sending IP: 203.188.252.35
From: Garry Azath <sales@mehendra-ip.co.id>
Subject: Fwd: Emailing : Confirm payment 5/21/2020 13:32:19
Attachment: PAYMENT COPY.gz (contains "gunzipped")

GuLoader payload URL:
https://heavenfort.in/build_NEW_gLpjIcLUO232.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-21 09:36:42 UTC
AV detection: 20 of 48 (41.67%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader - gz ceab976300db21350390998d44ea0d60f9d4826eedbe4f86175ffa78c5001db2 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments