MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 314c3caa4b1a6ccb17a7348cdf0ac7577a6ccc595a4d6cc0f9abcde2befc58d0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 314c3caa4b1a6ccb17a7348cdf0ac7577a6ccc595a4d6cc0f9abcde2befc58d0
SHA1 hash: b359f2c63364264896fa7a49367daf7879803eb1
MD5 hash: d1da99d9f2d055e18f05e121f44883e1
File name: Detalles del pago.pdf.bat
Signature: GuLoader
File size: 94,208 bytes
First seen: 2020-05-23 11:53:07 UTC
Last seen: 2020-05-23 13:13:08 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: a2dfe4eb0644a1cd452aba3a2ea2c7b1
ssdeep: 768:A5op+N6/5vp2Y8xf/7Je71vbXwWTcivZX1rJnHv8MroWgD+7s:coEe4FA1vbX3wivPtHjBgn
TLSH: 67930A61F060D9F5ED218FF29A3A96E058AB6C3119128B0370DDBB1C3D7370DAA5635B
Reporter: @abuse_ch
Tags: bat, GuLoader


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: aa98419.online-server.cloud
Sending IP: 74.208.129.40
From: Coreptec S.A. Christian Naranjo <Christian.Naranjo@coreptec.com>
Reply-To: Coreptec S.A. Christian Naranjo <Christian.Naranjo@coeptec.com>, Coreptec S.A. Christian Naranjo <Christian.Naranjo@coeptec.com>, Coreptec S.A. Christian Naranjo <Christian.Naranjo@coeptec.com>
Subject: Re: PAGO ATRÁS DEVUELTO TT (Ref 0180066743)
Attachment: Detalles del pago.pdf.gz (contains "Detalles del pago.pdf.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1GHqRKU6aLAanHCqSOCTqnW3k_uhA0-Md

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
Number of uploads: 2
Number of downloads: 22
Origin country: US
ClamAV: SecuriteInfo.com.Trojan.DownLoader33.44992.20325.174.UNOFFICIAL
VirusTotal results: 12.68%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
Executable exe: 314c3caa4b1a6ccb17a7348cdf0ac7577a6ccc595a4d6cc0f9abcde2befc58d0 (this sample)
Delivery method: Distributed via e-mail attachment
