MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 34d451e5d317cc63e89cb8b6f8c5ecb1065c5cd295a97388ae88175cee19557c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	34d451e5d317cc63e89cb8b6f8c5ecb1065c5cd295a97388ae88175cee19557c
SHA3-384 hash:	0178f1fe00d88e58f2cc7633a49b78508a89d0577d7ed73ed09ca74aab453b045e3cdab7f1a47357047afd694b0f885d
SHA1 hash:	b923737c8e840d487dbdc60f37166756d4ef8fe9
MD5 hash:	c9ea64f97505eb5a012ccf9ededce21c
humanhash:	enemy-bravo-beer-princess
File name:	HSBC-PAYMENT-ADVICE.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	110'592 bytes
First seen:	2020-06-03 13:07:47 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	b800ef2c9fbeb7001a0f6fff93283c54 (2 x GuLoader)
ssdeep	1536:8PsQSPfxV402k63jm4ikgrKHxLdGKc+o0FDHdZ1gI27o8NrZcQ8YZC:8mPX2B3jm/KVdhjFD9z6NJ8gC
Threatray	582 similar samples on MalwareBazaar
TLSH	28B37B17EC4C8653C5544BBC2D178EBA3A0DA80D0D406FDF7539AE9FAE326425CA721E
Reporter	abuse_ch
Tags:	exe GuLoader HSBC

abuse_ch

Malspam distributing GuLoader:

HELO: pkz48-3-spamexpert2.hoster.kz
Sending IP: 185.113.132.44
From: HSBC Advising Service <vladimir@ttk.kz>
Reply-To: payment.advice@hsbc.com.hk
Subject: Payment Advice - Advice Ref:[GLV802192175] / ACH credits / Customer Ref:[GR2019000643] / Second Party Ref:[557072H]
Attachment: HSBC_PAYMENT_ADVICE.arj (contains "HSBC-PAYMENT-ADVICE.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1JpMb1mEpiRaCs_pyH8ELiXNdXVUcEGFH