MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 267265d715cece998e34d56c4b4db380b1c20a5feda003899de6796e2d75b44c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 267265d715cece998e34d56c4b4db380b1c20a5feda003899de6796e2d75b44c
SHA3-384 hash: 20a70de337421e7a4f9464a2b55204ded56243476bb18f3fdf0f23f605b9dce42ab29abcca58ad53ef498ef9cf792686
SHA1 hash: b7e1ecaa3020b2f1a6b5601181f07e39a71fe773
MD5 hash: 6a9cd6aa020bed498a4f2b591cf4dc16
humanhash: jig-early-triple-social
File name: DHL Consingment-pdf.gz
Signature: GuLoader
File size: 41'256 bytes
First seen: 2020-06-09 06:40:44 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 768:QZeUopwh4ULgGqPqlalldIN936uWt3hLN8mt9HbSCDcyxvJzfgTCFgmLVU1ZQNhp:QVopw1gBOatIP36JtxLzrjDcOvJzfjxf
TLSH: 01030144B353DBFC07A60BC19B0470E6D86BFD686F204195F249A03B592E4A6BE80FC8
Reporter: abuse_ch
Tags: DHL GuLoader gz


abuse_ch
Malspam distributing GuLoader:

HELO: mail0.754.domiwpo.press
Sending IP: 161.35.112.28
From: DHL DELIVERY REPORT <dhl@754.domiwpo.press>
Subject: dhl delivery notificatiom
Attachment: DHL Consingment-pdf.gz (contains "DHL Consingment-pdf.exe")

GuLoader payload URL:
https://automarsel.pl/2ND_OhXwqURK78.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-09 06:42:04 UTC
AV detection: 21 of 31 (67.74%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    gz 267265d715cece998e34d56c4b4db380b1c20a5feda003899de6796e2d75b44c (this sample)

Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments