MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 405eb9f9561367739c1d474bd236237be43bc0565da744690a52dab80627ef3c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 405eb9f9561367739c1d474bd236237be43bc0565da744690a52dab80627ef3c
SHA3-384 hash: c9574502205ba34bf5aa3c647ec33e181e3887b1b44d7085251eb0454690dc2d27a5672cf0933554981eaef43357fde4
SHA1 hash: fd7c836bebb3ec753861fc19291e458cc630edb9
MD5 hash: d91886316da90c5bef63e96de8539d06
humanhash: avocado-delaware-north-six
File name: Detalles del pago.pdf.gz
Signature: GuLoader
File size: 42'741 bytes
First seen: 2020-06-05 13:29:05 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 768:HiZas/m5S6+9OV6LSHc+F164bDBMC3eljXAGKgepIgw3hm9upq6BfYvbx4dJ:Hi3/Nx9ugSHcB4yCAjXAGipIgU8upTmY
TLSH: A313025DB27BA65CBCC78E4896DA78A9020F8DDD91A4ED8010CA5BC970F9DA5DC0C3F0
Reporter: abuse_ch
Tags: GuLoader gz


abuse_ch
Malspam distributing GuLoader:

HELO: aa98419.online-server.cloud
Sending IP: 74.208.129.40
From: Coreptec S.A. Christian Naranjo <Christian.Naranjo@coreptec.com>
Reply-To: Coreptec S.A. Christian Naranjo <Christian.Naranjo@coeptec.com>
Subject: Re: PAGO ATRÁS DEVUELTO TT (Ref 0180066743)
Attachment: Detalles del pago.pdf.gz (contains "Detalles del pago.pdf.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1VMSPScK2rNubJ_KGvCwLb55RePxH41EP

Intelligence

File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-05 13:33:07 UTC
AV detection: 32 of 48 (66.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
  gz 405eb9f9561367739c1d474bd236237be43bc0565da744690a52dab80627ef3c (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments