MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 14814990e7c554b6e7ffb8da016007705c9d330420a7bf1098e4b21ce25c068f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: 14814990e7c554b6e7ffb8da016007705c9d330420a7bf1098e4b21ce25c068f
SHA3-384 hash: 46ae78c397c2ddd499fd15f254072a5ffd341a4bc5a50a587b6acd969f9ce58b6614d40f67673074f9c40d2e31e8cf14
SHA1 hash: fb837f8d5c35d689c3a22f9da30083255d9f480e
MD5 hash: 83cf69f9d204e90b7992e75578e3e5cb
humanhash: mirror-juliet-thirteen-uncle
File name: Scan Docs_pdf.gz
Signature: GuLoader
File size: 58'190 bytes
First seen: 2020-05-28 13:15:28 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 768:x7TgBsCT/xgdGCESvmL69vY8dZ6gE0hbjAx+Pz7xW8GtX77vWRcPxmGdrhXALFML:NTgBsCmVvV9rE5x+SXNP97H/kMsVE
TLSH: 214301496C95362DBEF42DF9D4BD4369419449B38D4D28163D24983F8BBB4F832E82CE
Reporter: abuse_ch
Tags: GuLoader, gz


abuse_ch
Malspam distributing GuLoader:

HELO: hosting.comfrel.org
Sending IP: 162.241.208.147
From: ROKONMA (S) PTE <azlina@rokonma.com.my>
Subject: Please send me price list.
Attachment: Scan Docs_pdf.gz (contains "Scan Docs_pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1znNEgGZFb1EJ4dpSjSaD4eJjLNVa30r1

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Malware.Drodgzip
Status: Suspicious
First seen: 2020-05-28 13:37:19 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 4 of 47 (8.51%)
Threat level: 2/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
gz 14814990e7c554b6e7ffb8da016007705c9d330420a7bf1098e4b21ce25c068f (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
