MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 212ca23b19aef450d7619d0b8675656923904fa74c055679a02273d32d8b20b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 3


SHA256 hash: 212ca23b19aef450d7619d0b8675656923904fa74c055679a02273d32d8b20b1
SHA3-384 hash: 53072910e8b8c9a7f307cca07f12aedb533a868f70dca8cf63da1c1836ffcf28d3bd9d0638085fcedeb5aedae9f78e67
SHA1 hash: cab316136acfafb8bb8882ac473c7bce9b7f4e78
MD5 hash: dc8600f1cea11631a1ef9a12220bcd5c
humanhash: may-three-eleven-beryllium
File name: TNT Consignment Details_pdf.gz
Signature: GuLoader
File size: 31'173 bytes
First seen: 2020-06-10 11:42:18 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 768:Hr5tzRFNFfw/jRCXSoDZyFIfInuVizTJV8:HltzlSo9yF4Ik4TJW
TLSH: 5BE2F1593AC3C191C1036ED246CB946F3282F6E5CE66E17A2DBF9C522EC99651CCE680
Reporter: abuse_ch
Tags: GuLoader gz


abuse_ch
Malspam distributing GuLoader:

HELO: newmail.inforang.com
Sending IP: 114.108.163.181
From: TNT Consignment Notification <Admin@tnt.com>
Subject: TNT Consignment Notification for 243740512
Attachment: TNT Consignment Details_pdf.gz (contains "gunzipped")

GuLoader payload URL:
http://bijelizec.hr/download/KEL_YrgDx38.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 106
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-10 11:44:06 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader > gz 212ca23b19aef450d7619d0b8675656923904fa74c055679a02273d32d8b20b1 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
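The attachment in this entry is a gzip archive named to look like a PDF ("_pdf.gz"). The script below is an added triage example, not MalwareBazaar's or abuse.ch's code: it parses the gzip header by hand (the FNAME and ISIZE fields are attacker-controlled, so they are reported but not trusted), inflates the content into memory under a size cap to avoid decompression bombs, identifies the inner file from its magic bytes, and compares the attachment's MD5/SHA1/SHA256 against the hashes listed in this entry. The size cap, the list of lure suffixes and the gzip sample built at the bottom are constructed here for illustration; the real sample is not embedded.

```python
"""Triage a gzip e-mail attachment against this MalwareBazaar entry.

Added example, not MalwareBazaar's or abuse.ch's code. The constructed
gzip at the bottom stands in for the real sample so the script runs offline.
"""
import gzip
import hashlib
import io
import struct
import zlib

# Hashes copied from the entry for SHA256 212ca23b...
ENTRY_HASHES = {
    "sha256": "212ca23b19aef450d7619d0b8675656923904fa74c055679a02273d32d8b20b1",
    "sha1": "cab316136acfafb8bb8882ac473c7bce9b7f4e78",
    "md5": "dc8600f1cea11631a1ef9a12220bcd5c",
}
MAX_DECOMPRESSED = 50 * 1024 * 1024  # assumed cap; gzip can expand ~1000:1
# Assumed document-like suffixes used in double-extension lures such as "_pdf.gz".
LURE_SUFFIXES = ("_pdf", ".pdf", "_doc", ".doc", "_docx", ".docx", "_xls", ".xls")


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of the raw attachment bytes (the .gz itself, not its content)."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def matches_entry(data: bytes, entry: dict = ENTRY_HASHES) -> bool:
    """True when every hash listed in the entry matches the given bytes."""
    actual = file_hashes(data)
    return all(actual[k] == v.lower() for k, v in entry.items())


def lure_extension(filename: str) -> bool:
    """Flag names like 'X_pdf.gz' that imitate a document wrapped in an archive."""
    stem = filename.lower().rsplit(".", 1)[0]
    return any(stem.endswith(s) for s in LURE_SUFFIXES)


def parse_gzip_header(data: bytes) -> dict:
    """Read the RFC 1952 header by hand; FNAME and ISIZE are attacker-controlled."""
    if len(data) < 18 or data[:2] != b"\x1f\x8b":  # 10-byte header + 8-byte trailer
        raise ValueError("not a gzip stream")
    method, flags, mtime, _xfl, os_id = struct.unpack("<BBIBB", data[2:10])
    pos = 10
    if flags & 0x04:  # FEXTRA: length-prefixed extra field
        (xlen,) = struct.unpack("<H", data[pos:pos + 2])
        pos += 2 + xlen
    name = comment = None
    if flags & 0x08:  # FNAME: original file name, NUL-terminated
        end = data.index(b"\x00", pos)
        name = data[pos:end].decode("latin-1")
        pos = end + 1
    if flags & 0x10:  # FCOMMENT: NUL-terminated comment
        end = data.index(b"\x00", pos)
        comment = data[pos:end].decode("latin-1")
    (isize,) = struct.unpack("<I", data[-4:])  # claimed uncompressed size mod 2**32
    return {"method": method, "mtime": mtime, "os": os_id,
            "name": name, "comment": comment, "isize": isize}


def safe_decompress(data: bytes, limit: int = MAX_DECOMPRESSED) -> bytes:
    """Inflate into memory, refusing any stream that would exceed the cap."""
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)  # wbits 16+15 selects gzip framing
    out = d.decompress(data, limit + 1)  # stop producing output after limit+1 bytes
    if len(out) > limit or d.unconsumed_tail:
        raise ValueError("decompressed size exceeds limit")
    return out


def inner_type(content: bytes) -> str:
    """Coarse type of the decompressed content from its magic bytes."""
    if content.startswith(b"MZ"):
        return "PE executable"
    if content.startswith(b"%PDF"):
        return "PDF"
    if content.startswith(b"PK\x03\x04"):
        return "ZIP/OOXML"
    return "unknown"


def triage(filename: str, data: bytes) -> dict:
    """One report per attachment: header fields, inner type, hash match, lure name."""
    hdr = parse_gzip_header(data)
    content = safe_decompress(data)
    return {
        "header": hdr,
        "inner_type": inner_type(content),
        "inner_size": len(content),
        "isize_ok": hdr["isize"] == len(content) % 2 ** 32,
        "in_entry": matches_entry(data),
        "lure_name": lure_extension(filename),
    }


# Constructed sample: a fake "MZ" blob gzipped with an FNAME field, not the real sample.
SAMPLE_INNER = b"MZ" + b"\x00" * 62 + b"constructed placeholder, not a real PE"
_buf = io.BytesIO()
with gzip.GzipFile(filename="constructed_inner.exe", mode="wb", fileobj=_buf, mtime=0) as g:
    g.write(SAMPLE_INNER)
SAMPLE_GZ = _buf.getvalue()

if __name__ == "__main__":
    print(triage("TNT Consignment Details_pdf.gz", SAMPLE_GZ))
```

For a real attachment, read the file bytes and pass them to `triage()` together with the name from the mail; `in_entry` is True only when all three hashes match this entry, and a gzip whose inner content starts with `MZ` while the name ends in `_pdf.gz` is the pattern this entry documents.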
