MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9b1cc8a7d49727ba8c3d394a42f215e82e24905f980694c24b2b3e4a1f43589f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3


SHA256 hash: 9b1cc8a7d49727ba8c3d394a42f215e82e24905f980694c24b2b3e4a1f43589f
SHA3-384 hash: 8b1f6f791fb5daa7beda96b090fea7dda9921ed428e2e616eabcd7734076cce4e7c6c0e303012c04e0754321ddcc9249
SHA1 hash: cb5160f37656b67b5431d4fcc71b2ce585081285
MD5 hash: 619f17a76876f2e6d7d31b15ef2cfde2
humanhash: early-mobile-august-mobile
File name: 14052020.pdf.gz
Signature: GuLoader
File size: 75'485 bytes
First seen: 2020-06-04 06:02:17 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 1536:hzqbinPrmzEL9igrKHUInNcO3SaWIe6LrDAP1hPNo9QcD7wOh:hqpzaXK0UDSQDQ1hCd8Oh
TLSH: D77302F1FA240F8CB9801D9171AD7F16279F5CB22786BC0DB1CBDF396A95946144216C
Reporter: abuse_ch
Tags: GuLoader gz


abuse_ch
Malspam distributing GuLoader:

HELO: mail0.468.celumltd.casa
Sending IP: 165.22.200.97
From: MRS-MARINE SERVICES <prc@mrs-marine.com.my>
Subject: RFQ For RFP 14052020 GSK Montrose
Attachment: 14052020.pdf.gz (contains "14052020.pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1uKH38X1hpTHHLFFEKQ90LWcpiOUV1_td

Intelligence


File Origin
# of uploads: 1
# of downloads: 57
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-04 13:14:56 UTC
AV detection: 22 of 29 (75.86%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
    GuLoader (gz): 9b1cc8a7d49727ba8c3d394a42f215e82e24905f980694c24b2b3e4a1f43589f (this sample)
        Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments