MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7453ab6129ff3c1fefdb3655297547d2878906d96e80904f50f94719f6f56fd1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3



SHA256 hash: 7453ab6129ff3c1fefdb3655297547d2878906d96e80904f50f94719f6f56fd1
SHA3-384 hash: f38c896a121911577e25c48b2816fa600d438581fd55a3e9d2dc43a2b150a5db13fa3b5a245818a0e85ec1c783ce3504
SHA1 hash: a58e6c3568a542639400acbc40cfd71afe3b57de
MD5 hash: 75fc6b9bd37bb0c6feaed59e217ac4ef
humanhash: blue-north-timing-florida
File name: Shipment Details 10-06-2020·pdf
Signature: GuLoader
File size: 34'253 bytes
First seen: 2020-06-10 12:35:37 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:Nglsj4868t1OEJzA+sVILes8rb9f/Pzw9nZV7gT7448PGGaHn36f:Na8nV7OEMVIKs8rp3PkF3ukJ+GaHnG
TLSH: FFF2F1F3FA99C2ED7CB161D005119B002D79D964A96B4022DCC6067EC3A5DAFE71EAC0
Reporter: abuse_ch
Tags: geo GuLoader Shipment Details 10-06-2020·pdf TNT TUR


abuse_ch
Malspam distributing GuLoader:

HELO: zeus.webex.gr
Sending IP: 46.4.69.158
From: TNT Shipment Notification (Turkey) <shipment@mail.tnt.com>
Subject: No.156902370 için TNT sevkiyat bildirimi
Attachment: Shipment Details 10-06-2020·pdf (contains "Shipment Details 10-06-2020·pdf.exe")

GuLoader payload URL:
http://bijelizec.hr/download/IFENAYE%20MAIN_ZXVVbtwxxh151.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 127
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-10 12:37:04 UTC
AV detection: 10 of 47 (21.28%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
zip 7453ab6129ff3c1fefdb3655297547d2878906d96e80904f50f94719f6f56fd1 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments