MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3dbd9a79854e2d7627a1ce5458f9c6a08c6df1aca17e02b6ac40c1a3e0f8df3a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 3dbd9a79854e2d7627a1ce5458f9c6a08c6df1aca17e02b6ac40c1a3e0f8df3a
SHA1 hash: cac5a874d339871b247d832cabe3881735cbd3a9
MD5 hash: ba49e5feff5d7db00838af0fd108ccbb
File name: dowd bankowy.pdf.gz
Signature: GuLoader
File size: 24'870 bytes
First seen: 2020-05-22 15:03:18 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 768:EmtTHvLK5Dmjoqclp5ztrfzGlU/vfiik/:xHvLK5Dmtc/Dz0U/n2
TLSH: 5DB2D1399A956D4E45F0C87B00E25D694FADC44CFF73D606C46B8BAF143429E4D863C6
Reporter: @abuse_ch
Tags: geo, GuLoader, gz, POL


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: techdata.pl
Sending IP: 209.58.149.73
From: Graczyk, Daria <Daria.Graczyk@techdata.pl>
Subject: Fw: DOWÓD FAKTUR PŁATNOŚCI
Attachment: dowd bankowy.pdf.gz (contains "dowód bankowy.pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1dsmROHC1JlAbWrI367jfmsm1WsShvxAX

Intelligence


Mail intelligence
Trap location: Global
Impact: High
# of uploads: 1
# of downloads: 25
Origin country: US
ClamAV: No detection
VirusTotal: 14.75%
ReversingLabs: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    gz 3dbd9a79854e2d7627a1ce5458f9c6a08c6df1aca17e02b6ac40c1a3e0f8df3a (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment
