MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fea2a26f72ed580028039f7c3b30b76ec2af5ca9d60a62894c9e3c6fbf65bf1d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: fea2a26f72ed580028039f7c3b30b76ec2af5ca9d60a62894c9e3c6fbf65bf1d
SHA3-384 hash: 3ca2a8a916027e48aee6f8795518d9065484a2b6aebb3a76cee0a778583137f181a356c46fd4a80e06fe36afbb418a53
SHA1 hash: a254368912fd6573cfb953b28dcfc348c78374d3
MD5 hash: 4c88b4c4c11099512695baee3cfeb96a
humanhash: green-bravo-pip-wolfram
File name: 777504307241.GenesisAWB_PDF.gz
Signature: GuLoader
File size: 45'114 bytes
First seen: 2020-06-08 12:14:12 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 768:UQyrPeZIye67w7vDx4obH5/K7Z5XPx8zmwzM5RNSmenl+je2OKdWu3ioMLZf0Haq:U5r2Q67w7vDBK73XPRdSjnlsndWmioKG
TLSH: 1B1301A7132050C872C746F445B976DFC5B9F12763C40790261AEADA4F88B14B2FDF5A
Reporter: abuse_ch
Tags: FedEx GuLoader gz


abuse_ch
Malspam distributing GuLoader:

HELO: mail-in-pg1.advancedserverdns.com
Sending IP: 103.12.211.15
From: FedEx CCS <clearance_cs@fedex.com>
Subject: [EXTERNAL] : FedEx PRE Notification of Arrival - AWB# 770116605315 // Jakarta: Need BC23 Confirmation
Attachment: 777504307241.GenesisAWB_PDF.gz (contains "777504307241.GenesisAWB_PDF.exe")

GuLoader payload URL:
https://asmobilya.com.tr/AmHome_bhPixbUN54.bin
https://cmdtech.com.vn/AmHome_bhPixbUN54.bin
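
Added example, not part of the MalwareBazaar entry or of abuse_ch's comment: a Python triage routine for a .gz mail attachment of the kind described above. It reads the gzip header's FNAME field (RFC 1952) to learn the member's original name without extracting it, flags an executable extension hidden behind a document-style name such as "_PDF.exe", peeks at the first two decompressed bytes for an MZ stub, and compares the attachment's SHA256/SHA1/MD5 against the hashes listed on this page. The hash constants are copied from the entry; the decoy-marker list is an assumption of this example, and the gzip it builds for demonstration is a constructed dummy, not the real sample.

```python
import gzip
import hashlib
import io
import struct

# IOC hashes copied from the MalwareBazaar entry above (the real sample is not embedded here).
KNOWN_BAD_HASHES = {
    "sha256": "fea2a26f72ed580028039f7c3b30b76ec2af5ca9d60a62894c9e3c6fbf65bf1d",
    "sha1": "a254368912fd6573cfb953b28dcfc348c78374d3",
    "md5": "4c88b4c4c11099512695baee3cfeb96a",
}

# Assumed heuristics for this example: extensions Windows will execute, and
# name fragments attackers use to make an executable look like a document.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")
DECOY_MARKERS = ("_pdf", ".pdf", "_doc", ".doc", "_xls", "invoice", "awb")


def hash_file_bytes(data: bytes) -> dict:
    """Compute the same digests MalwareBazaar lists for a sample."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def gzip_original_name(data: bytes):
    """Return the FNAME field of a gzip header (RFC 1952) without decompressing.

    Header layout: ID1 ID2 CM FLG MTIME(4) XFL OS, then optional FEXTRA,
    FNAME (NUL-terminated latin-1), FCOMMENT, FHCRC. None if absent or not gzip.
    """
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        return None
    flg = data[3]
    pos = 10
    if flg & 0x04:  # FEXTRA present: 2-byte little-endian length, then payload
        if len(data) < pos + 2:
            return None
        xlen = struct.unpack_from("<H", data, pos)[0]
        pos += 2 + xlen
    if not flg & 0x08:  # FNAME flag not set
        return None
    end = data.find(b"\x00", pos)
    if end == -1:
        return None
    return data[pos:end].decode("latin-1")


def triage_gz_attachment(data: bytes) -> dict:
    """Triage a .gz attachment: IOC hash match, disguised member name, MZ stub."""
    hashes = hash_file_bytes(data)
    ioc_hit = any(hashes[algo] == digest for algo, digest in KNOWN_BAD_HASHES.items())
    inner_name = gzip_original_name(data)
    findings = []
    if inner_name:
        lower = inner_name.lower()
        if lower.endswith(EXECUTABLE_EXTENSIONS):
            findings.append(f"inner member {inner_name!r} is an executable")
            if any(marker in lower for marker in DECOY_MARKERS):
                findings.append("executable name imitates a document (decoy extension)")
    # Peek at the decompressed stream in memory; nothing is written to disk or run.
    try:
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
            head = gz.read(2)
        if head == b"MZ":
            findings.append("decompressed payload starts with MZ (PE executable)")
    except (OSError, EOFError):
        findings.append("gzip stream truncated or corrupt")
    return {
        "hashes": hashes,
        "inner_name": inner_name,
        "ioc_hit": ioc_hit,
        "findings": findings,
        "suspicious": ioc_hit or bool(findings),
    }


def build_sample(inner_name: str, payload: bytes) -> bytes:
    """Construct a gzip whose FNAME is inner_name (demo input only, not real malware)."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename=inner_name, mode="wb", fileobj=buf, mtime=0) as gz:
        gz.write(payload)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed dummy mimicking the naming seen in this campaign; the bytes are a stub.
    demo = build_sample("777504307241.GenesisAWB_PDF.exe", b"MZ" + b"\x00" * 62 + b"dummy")
    result = triage_gz_attachment(demo)
    print(result["inner_name"], result["ioc_hit"], result["suspicious"])
    for finding in result["findings"]:
        print(" -", finding)
```

Matching by hash only catches this exact file, so the name and MZ checks are what generalise to the next repack of the same lure; a real mail gateway would also want to apply them to nested archives, not just one gzip layer.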

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-08 12:16:06 UTC
AV detection: 33 of 48 (68.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader, gz fea2a26f72ed580028039f7c3b30b76ec2af5ca9d60a62894c9e3c6fbf65bf1d (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
