MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4850d1d4cd34c9860ecb02ad72ac74ec0fc450b3ac6e03254ec6f6768ecb3b3d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

SHA256 hash: 4850d1d4cd34c9860ecb02ad72ac74ec0fc450b3ac6e03254ec6f6768ecb3b3d
SHA3-384 hash: 4d04a85f0326a6dc731615dd862218ed9bc7eb158132272b620a0857178004e4ad4fa18ca742c991ce13a5256940a8fa
SHA1 hash: 9fd204ed0e28c0cd482f9be30216dd37235961e5
MD5 hash: b312c249e9b868cb4345bcdb16fe2847
humanhash: papa-connecticut-social-football
File name: URGENT MEDICAL REQUIREMENT.gz
Signature: GuLoader
File size: 28'286 bytes
First seen: 2021-01-13 20:07:37 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 768:okHiBtuo/exrmUzntnxmNqdZ1w0Vfxi7E2d5x34cy2Y0x:ouBo2xrmotxBZ64ipr+29
TLSH: DCC2E1D835CCC5246A1221E11457B29E590699F3BB73FFB0529BD69A02B88BED5CFC08
Reporter: abuse_ch
Tags: GuLoader gz

abuse_ch
Malspam distributing GuLoader:

HELO: server.blackcathostal.com
Sending IP: 68.66.194.83
From: BOBB Heavy Equipment Rental L.L.C. <remesh@bobcranes.ae>
Subject: URGENT MEDICAL REQUIREMENT
Attachment: URGENT MEDICAL REQUIREMENT.gz (contains "URGENT MEDICAL REQUIREMENT.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1xwdGwTWLQhPsVUs9VH4Sdefcrf_TA4Fj

Intelligence

File Origin
# of uploads: 1
# of downloads: 214
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2021-01-13 12:44:10 UTC
AV detection: 12 of 29 (41.38%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam:
  GuLoader gz 4850d1d4cd34c9860ecb02ad72ac74ec0fc450b3ac6e03254ec6f6768ecb3b3d (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments