MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 52b32189e5230e9745cc70155cf771a0f524defae1bb31f12390bf17fcb8704a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	52b32189e5230e9745cc70155cf771a0f524defae1bb31f12390bf17fcb8704a
SHA3-384 hash:	c71362e0bbf958cf7014aa42bf1458279cc68df67864336a93fca6b89c5ae3d9a968ab143f14b3d422f880394f500fc5
SHA1 hash:	5053d937a6af68d31d1ecebb35567ab22158fe12
MD5 hash:	039fef0eb84c4d364d93d053eba4c5bc
humanhash:	black-music-kansas-ink
File name:	OUR REF 2401ALMS-1100230011.PDF-eml.gz
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	30'893 bytes
First seen:	2020-05-26 13:40:45 UTC
Last seen:	2020-05-28 19:44:29 UTC
File type:	gz
MIME type:	application/gzip
ssdeep	768:y4KxSuu/kOX5Vzjgb8f7aLpz4/JzoyPBnzAFbvTzKMqhnnsxTS8:yxSuufVYb8jOz4FZnWvXb+na/
TLSH	8DD2F185B0718391FA42C3116B92EEAD3F73F54935A267565182CB87323663D6847BCC
Reporter	abuse_ch
Tags:	GuLoader gz

abuse_ch

Malspam distributing GuLoader:

From: Graham Urry<info@hoss-mecyberia.com>
Subject: FWD: OUR REF :2401/AL/MS
Attachment: OUR REF 2401ALMS-1100230011.PDF-eml.gz (contains "gunzipped")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1U5Les8JGyuyoHbmTfcmcrCYjqJvY4Ecl