MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 27f7bc07f450818f5460b6f2ae6a87674c01967b3c9346148798a3b3f1f101e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 3

SHA256 hash: 27f7bc07f450818f5460b6f2ae6a87674c01967b3c9346148798a3b3f1f101e5
SHA3-384 hash: cf8e93a9543fbadff6896f65987f61ea5ed7ca37a5f3ade0bb4c601a6c7712682b94fe22d3ceddfa526fecde08873a43
SHA1 hash: aaba8b6234ffe78566b15e72e4a20f78489fa519
MD5 hash: 23527ee32c8c8c3aee6c240e8574feb4
humanhash: september-glucose-high-venus
File name: Scan001.pdf.z
Signature: GuLoader
File size: 38'593 bytes
First seen: 2020-06-02 11:00:01 UTC
Last seen: 2020-06-02 11:01:15 UTC
File type: zip
MIME type: application/zip
ssdeep: 768:f9kAWnDRKMs8lJIkF2fxNrHfElQlBDH0/2NUhmozeMCslDELUsteTUOTK0X:VkAUDRKMH/FiBOUBj0/GUYweIDdsteGc
TLSH: 0303E1D610C82157C76931D07B6BA5C8D4C8BEFA6142B470B93B0AF6872A57C45F2CAE
Reporter: abuse_ch
Tags: GuLoader HSBC z


abuse_ch
Malspam distributing GuLoader:

HELO: mail0.tedfuye.xyz
Sending IP: 198.44.14.215
Subject: HSBC Notification For Wire Transfer Ref No {049581673}
Attachment: Scan001.pdf.z (contains "Differ.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=11NAZslAWBWkK1b4dFviELvvgWl48QHr6

Intelligence

File Origin
# of uploads: 2
# of downloads: 62
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Razy
Status: Malicious
First seen: 2020-06-03 04:02:25 UTC
AV detection: 22 of 48 (45.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: GuLoader
  zip 27f7bc07f450818f5460b6f2ae6a87674c01967b3c9346148798a3b3f1f101e5 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments