MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1b6f4b728c8475692c2bffb3bb23b3b23ea6cd681808db2874d623f2e4d69b3c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 1b6f4b728c8475692c2bffb3bb23b3b23ea6cd681808db2874d623f2e4d69b3c
SHA3-384 hash: 4122906cfc568602f7a72e20876bc8b8f3aa2318650aaa2ef9e668d6e1c87b8afa351b6cb9041411415d0679f90d1e36
SHA1 hash: a0bd55a3aef837fbcc93d917a440e6a933305f93
MD5 hash: cfa82fc09f0372daec8b4240ae9df10e
humanhash: happy-spring-thirteen-undress
File name: Dhl Consignment Details_pdf.gz
Signature: GuLoader
File size: 41'227 bytes
First seen: 2020-06-09 06:14:24 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 768:7Xm5TfRlPsG0HseQatqM+KOApNek4QPaTO5B+p1NZyCUvZDz/QE9B7Y9kCaKpt:7WRfDPf0MqQWD547mBCNyR5z//CaG
TLSH: AB03F21D33D2CCABCEBCCC6582498966D37D65F851A439132D7CA9C5E9FE987890009E
Reporter: abuse_ch
Tags: DHé GuLoader gz Loki

abuse_ch
Malspam distributing GuLoader:

HELO: mail0.754.domiwpo.press
Sending IP: 161.35.112.28
From: DHL Delivey Report<dhl@754.domiwpo.press>
Subject: DHL CARGO ARRIVAL NOTICE
Attachment: Dhl Consignment Details_pdf.gz (contains "Dhl Consignment Details_pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1VaKH-rNKDI_4jGoYwCbY9I5lOKWUzjIv

Loki C2:
http://198.23.200.239/~boxing/.tcsogb/vc.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-09 06:16:08 UTC
AV detection: 32 of 48 (66.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    gz 1b6f4b728c8475692c2bffb3bb23b3b23ea6cd681808db2874d623f2e4d69b3c (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment