MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6050a4bd5b4acbdda7b0f98419957d2b126e389f2a554c5af1dbdb6be485a92e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 3

SHA256 hash: 6050a4bd5b4acbdda7b0f98419957d2b126e389f2a554c5af1dbdb6be485a92e
SHA3-384 hash: de817284a54b58da718257e2937163bad3846e24e3556889030921631adc843d8c8df18366bb892687d7b0a22d86d1ff
SHA1 hash: c948f32866c33e3968c236db7c9fd7d4842f2c0e
MD5 hash: 73a7987a97a18b824db0392f6d4ac3d3
humanhash: cup-pizza-potato-london
File name: DHL Consignment Details_pdf.gz
Signature: GuLoader
File size: 76'074 bytes
First seen: 2020-06-03 13:17:37 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 1536:TorRUILvCr1MXVkgrKHgBuqvWGEl5x92BunNSdXOy3CL:TorRUILvA1gNKeuqvWf5xMun
TLSH: B9730231FF3DD9E2F0BC8F4320C3E923A9A869007BC4A616687BA9F94FB14D50590568
Reporter: abuse_ch
Tags: DHL GuLoader gz


Comment by abuse_ch:
Malspam distributing GuLoader:

HELO: mail0.468.celumltd.casa
Sending IP: 165.22.200.97
From: DHL Express <service@dhl.com>
Subject: DHL Consignment Details
Attachment: DHL Consignment Details_pdf.gz (contains "DHL Consignment Details_pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1MGSebotq_HxQK4hDRcrPonqZFhEOIfvG

Intelligence

File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-06-03 13:37:37 UTC
AV detection: 23 of 48 (47.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
gz 6050a4bd5b4acbdda7b0f98419957d2b126e389f2a554c5af1dbdb6be485a92e (this sample)
Dropping GuLoader
Delivery method: Distributed via e-mail attachment

Comments