MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 710c0f9d85b257932cceb0a3e8826b2a190d1e1dc10b9c155f14bada66e538a0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 710c0f9d85b257932cceb0a3e8826b2a190d1e1dc10b9c155f14bada66e538a0
SHA1 hash: 8981648d4854cec2a8e7f2cf9f429d0333df7efd
MD5 hash: 623a258bef20ffe6422162ad40d4de91
File name: 777504307241.GenesisAWB.PDF.gz
Signature: GuLoader
File size: 25,845 bytes
First seen: 2020-05-23 11:52:42 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 384:J2VZJS+AANc7glwKnlnwrlASwVnoqifEo6oEwIJCCcBSH6SWAcE:JwZ4+A2c7g+KRuGVoqFLoEICiHAv
TLSH: 73C2F1483D50E5A83C917F75CEB3C8A66E5DCA14E54EEB343014BC4A2AD9A37CF76680
Reporter: @abuse_ch
Tags: FedEx, geo, GuLoader, gz, ISR


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: ganesa.dua.rumahweb.com
Sending IP: 103.253.212.231
From: Fedex Station Admin Office <sales@estuadiarta.com>
Subject: [חיצוני]: הודעה על הגעה ל- FedEx על ההגעה - AWB # 770116605315 // צריך אישור BC23 ????????
(Hebrew; in English: "[External]: Arrival notice at FedEx about the arrival - AWB # 770116605315 // Needs confirmation BC23 ????????")
Attachment: 777504307241.GenesisAWB.PDF.gz (contains "777504307241.GenesisAWB.PDF.exe")

GuLoader payload URL:
https://heavenfort.in/MY_XXX_VUVHawg214.bin

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 24
Origin country: US
ClamAV: SecuriteInfo.com.Variant.Ursu.878571.22007.308.UNOFFICIAL
VirusTotal: 25.81% detection rate
ReversingLabs: No data

File information


The table below shows additional information about this malware sample, such as its delivery method and external references.

Delivery chain:
Malspam
  -> GuLoader, gz, 710c0f9d85b257932cceb0a3e8826b2a190d1e1dc10b9c155f14bada66e538a0 (this sample)
     -> Dropping: GuLoader

Delivery method: Distributed via e-mail attachment
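The two tells a mail gateway can catch in this delivery chain are visible before any sandboxing: the gzip member header names the inner file (here a "PDF" that is really an .exe), and the inflated bytes start with a PE "MZ" header rather than "%PDF". The following is an added triage example written for this page, not MalwareBazaar's or abuse.ch's own code. It reads the FNAME field from the gzip header directly, inflates with a size cap so a decompression bomb cannot exhaust the worker, and hashes both layers so the outer SHA256 can be looked up against MalwareBazaar. The sample attachment it builds is constructed (a dummy MZ-headed blob carrying the inner file name reported above), not the real dropper; the extension lists, the 64 MiB cap and the function names are this example's own choices.

```python
import gzip
import hashlib
import io
import struct
from typing import Optional

# Gzip member header flag bits (RFC 1952).
FEXTRA = 0x04
FNAME = 0x08

# Assumed policy lists for this example: a "document" extension directly
# followed by one of these executable extensions is treated as hostile.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf"}

# Upper bound on inflated bytes; a gzip bomb must not take the worker down.
MAX_INFLATE = 64 * 1024 * 1024


def gzip_original_name(data: bytes) -> Optional[str]:
    """Return the FNAME field of a gzip member header, or None if absent.

    The header already says what the sender wants the inner file called,
    so the inner name can be inspected without inflating anything.
    """
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        raise ValueError("not a gzip stream")
    flags = data[3]
    pos = 10  # fixed header: ID1 ID2 CM FLG MTIME(4) XFL OS
    if flags & FEXTRA:
        xlen = struct.unpack_from("<H", data, pos)[0]
        pos += 2 + xlen
    if not flags & FNAME:
        return None
    end = data.index(b"\x00", pos)  # FNAME is NUL-terminated
    return data[pos:end].decode("latin-1")


def extensions(name: str) -> list:
    """All extensions of a file name, lower-cased: 'a.PDF.exe' -> ['.pdf', '.exe']."""
    parts = name.lower().split(".")
    return ["." + p for p in parts[1:]] if len(parts) > 1 else []


def triage_gz_attachment(outer_name: str, data: bytes) -> dict:
    """Inspect a .gz e-mail attachment and report why (if at all) it is suspect."""
    inner_name = gzip_original_name(data) or ""
    with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
        payload = gz.read(MAX_INFLATE)
        truncated = bool(gz.read(1))  # anything left means the cap was hit

    exts = extensions(inner_name)
    double_extension = (
        len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS and exts[-2] in DOCUMENT_EXTS
    )
    is_pe = payload[:2] == b"MZ"  # DOS stub magic of a PE image
    claims_document = any(e in DOCUMENT_EXTS for e in extensions(outer_name))

    reasons = []
    if double_extension:
        reasons.append(f"inner name uses a document+executable double extension: {inner_name}")
    if is_pe and claims_document:
        reasons.append("attachment name claims a document but the payload is a PE image")
    if truncated:
        reasons.append("inflated size exceeds MAX_INFLATE; possible decompression bomb")

    return {
        "outer_sha256": hashlib.sha256(data).hexdigest(),  # key for a MalwareBazaar lookup
        "inner_sha256": hashlib.sha256(payload).hexdigest(),
        "inner_name": inner_name,
        "double_extension": double_extension,
        "is_pe": is_pe,
        "reasons": reasons,
        "verdict": "suspicious" if reasons else "clean",
    }


def build_constructed_gz(inner_name: str, content: bytes) -> bytes:
    """Constructed test input: a gzip member whose FNAME is inner_name.

    Used here to mimic the shape of this sample; the content is a dummy,
    not the real dropper.
    """
    buf = io.BytesIO()
    with gzip.GzipFile(filename=inner_name, mode="wb", fileobj=buf, mtime=0) as gz:
        gz.write(content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed stand-in for 777504307241.GenesisAWB.PDF.gz: MZ-headed dummy bytes.
    sample = build_constructed_gz("777504307241.GenesisAWB.PDF.exe",
                                  b"MZ" + b"\x00" * 62 + b"constructed dummy, not a program")
    for key, value in triage_gz_attachment("777504307241.GenesisAWB.PDF.gz", sample).items():
        print(f"{key}: {value}")
```

The double-extension rule is deliberately narrow (document extension immediately followed by an executable one) so that legitimate names like `report.2020.pdf` are not flagged; the PE check is what catches a renamed binary whose inner name was stripped of the `.exe` entirely.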

Comments