MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f21a7ec0957e8b8e17b1e52716ad11a70dce9ddccbd56e52687209afa7205c3a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: f21a7ec0957e8b8e17b1e52716ad11a70dce9ddccbd56e52687209afa7205c3a
SHA3-384 hash: d1d21dc41f88b24446478d832b9d162c20ecd7793950acdc325f603dde5eb6ff324317b30073697e26c000469b6ff414
SHA1 hash: 7cda05d12831d24fd3b02d6774a41ed4badaeaa9
MD5 hash: da1472dbc368d0f5dabd746736b118d2
humanhash: red-jersey-nuts-high
File name: Detalles del pago.pdf.gz
Signature: GuLoader
File size: 24'046 bytes
First seen: 2020-05-23 11:53:04 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 384:5yeI9DzXOsWA+klf5lS1YGZHnsg6u3Uh2oADZrLPSJDSSGg5YEbMxKs/BQeR2i7F:It9DjWA+Y5oSMj6sA2x1MD9RbIzQeRbx
TLSH: 58B2E19C0793547E1405522ED756DC2A10F3922EB3F7D30C6EE83376D19A3DA7985922
Reporter: abuse_ch
Tags: GuLoader gz


abuse_ch
Malspam distributing GuLoader:

HELO: aa98419.online-server.cloud
Sending IP: 74.208.129.40
From: Coreptec S.A. Christian Naranjo <Christian.Naranjo@coreptec.com>
Reply-To: Coreptec S.A. Christian Naranjo <Christian.Naranjo@coeptec.com>, Coreptec S.A. Christian Naranjo <Christian.Naranjo@coeptec.com>, Coreptec S.A. Christian Naranjo <Christian.Naranjo@coeptec.com>
Subject: Re: PAGO ATRÁS DEVUELTO TT (Ref 0180066743)
Attachment: Detalles del pago.pdf.gz (contains "Detalles del pago.pdf.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1GHqRKU6aLAanHCqSOCTqnW3k_uhA0-Md

Intelligence

File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-23 05:29:12 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 19 of 48 (39.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: GuLoader
  gz f21a7ec0957e8b8e17b1e52716ad11a70dce9ddccbd56e52687209afa7205c3a (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments