MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 788e2b020b19799a89650c81cab82d8be010d5d9d9b8a45f765648a252555139. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 788e2b020b19799a89650c81cab82d8be010d5d9d9b8a45f765648a252555139
SHA3-384 hash: 55ff243018af417c388e415b7b12edf9a89b5b110344e2ce72fc38a69c230e3024d4bfacf1eeba3afcc6aead05114b5d
SHA1 hash: 8bdfd261bf24307fbde6939f76ddc4d1dcd6b467
MD5 hash: caf1699d6be063870237f58d7d71642e
humanhash: cup-quebec-iowa-orange
File name: DHL.78314578413.pdf.gz
Signature: GuLoader
File size: 43'733 bytes
First seen: 2020-06-08 14:46:47 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 768:S7YWRoHnvYAuNS0CpZXvjKHD+0zcUvQoof7ASJz9IjANf/ERU1eOgpjzt3y:MYWEvnESzpZXvjZynQd50AhESdwi
TLSH: 0A1302651558A287F31C2E5FABDF88CAC7366C6558C7A75159EF44AEBF30A100C890F2
Reporter: abuse_ch
Tags: DHL, GuLoader, gz


abuse_ch
Malspam distributing GuLoader:

HELO: aa98419.online-server.cloud
Sending IP: 74.208.129.40
From: billing <billing.expressec@dhl.com>
Subject: DHL Express shipment-DHL.78314578413
Attachment: DHL.78314578413.pdf.gz (contains "DHL.78314578413.pdf.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1-zS-XbyvPEGZIg_C-Vu19Uzdag6GWC_Z

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-08 14:48:06 UTC
AV detection: 22 of 31 (70.97%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
gz 788e2b020b19799a89650c81cab82d8be010d5d9d9b8a45f765648a252555139 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments