MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3d99be0c1d0865e185e26d83a7903f51484cb3204be72e52fc5dd51d4c3a77db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: 3d99be0c1d0865e185e26d83a7903f51484cb3204be72e52fc5dd51d4c3a77db
SHA3-384 hash: 178088d34dc790c091c064a077928062900e0d7896842fdfca385f34549e2c244ed9561efd7713cf018ea54c2732afd3
SHA1 hash: 7f79bccec8fd8135cd38683708cce3d085fa18ab
MD5 hash: ca7ce328a215874422478f4c453c45bd
humanhash: may-spaghetti-five-princess
File name: shipping docs.zip
Signature: GuLoader
File size: 32'401 bytes
First seen: 2020-05-27 18:26:58 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:JUYwUp8XmGfQ2gzDlRHtP0EDQPq/2A/O9JqD4CGiNxN:JZwWAQZzDlRHx0eQPquXqDBDND
TLSH: 50E2F13B6532E357C24C63EA71BF9194932496B3A38D240C530B5CEE8AD94A415876ED
Reporter: abuse_ch
Tags: GuLoader zip

abuse_ch
Malspam distributing GuLoader:

HELO: server.skylinesservices.com
Sending IP: 162.241.235.200
From: DHL Express <support@dhl.com>
Subject: Fwd: DHL Shipment Notification : 7348255143
Attachment: shipping docs.zip (contains "shipping docs.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1S8LYvuxVnIdDZo2iqC_uwAoLmEVFdhRR

Intelligence

File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-05-27 18:37:15 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 28 of 48 (58.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
zip 3d99be0c1d0865e185e26d83a7903f51484cb3204be72e52fc5dd51d4c3a77db (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments