MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ff525a53843f8ecbf0bda6ad669de4b7e6f5dfb60ce065786c2d4b5a13ae3fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader

Vendor detections: 3

SHA256 hash: 2ff525a53843f8ecbf0bda6ad669de4b7e6f5dfb60ce065786c2d4b5a13ae3fc
SHA3-384 hash: cd4a8c62d9cf84376ce6ca450ae72e95497ed4eac6359eadcdd162486ffdd996121defb420dc948b6f080fc138f5edff
SHA1 hash: 59452403a165614c51fcf5321df18252d229d1dd
MD5 hash: 8b653a723011abca7908aa9ee81fdcf6
humanhash: double-cup-fix-october
File name: DHL Consignment Details_pdf.gz
Signature: GuLoader
File size: 45'308 bytes
First seen: 2020-06-02 11:20:59 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 768:NDMCRWZO4lQUBINhtRd/Za5So38ASh2xI/7ubwPYFhCsVUJRZETlashzSc:NQCRJ4uQINp6QPh2u/EyYusrTkshzSc
TLSH: 4D13024C00AA6530BBB95E16F916888C777A0428BFB32D1EC16EDFC9759B409DF8C51E
Reporter: abuse_ch
Tags: DHL GuLoader gz


abuse_ch
Malspam distributing GuLoader:

HELO: mail0.333.drointernational.casa
Sending IP: 139.59.20.191
From: DHL Express <service@dhl.com>
Subject: DHL Consignment Details
Attachment: DHL Consignment Details_pdf.gz (contains "DHL Consignment Details_pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1YltrdOT8vHxS4ZM5Q4wail0B1zCDi1Vx

Intelligence

File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-02 00:53:20 UTC
AV detection: 21 of 48 (43.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    gz 2ff525a53843f8ecbf0bda6ad669de4b7e6f5dfb60ce065786c2d4b5a13ae3fc (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments