MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c85a5064c40c7125ea5dcdc5b5bda1974fc410a11533e09b88ace25a6ee5b3a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c85a5064c40c7125ea5dcdc5b5bda1974fc410a11533e09b88ace25a6ee5b3a2
SHA3-384 hash: b65ac81fe5d37a626edb3a15d6940533c028c41fd2547d0a13ec34e88cb2a7ba3b2017c4b1696355cfc1615b4e83cafb
SHA1 hash: bd903a329d4f084891bf4cafcd435ccd79f979ed
MD5 hash: 222247ccf299eab836e27b32254de26a
humanhash: edward-maine-island-apart
File name:DHL Shipping Documents_jpg.rar
Download: download sample
Signature GuLoader
Create hunting rule
File size:21'581 bytes
First seen:2020-08-10 12:49:41 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 384:YbsTKp1jHlJ19PQcjCisX2JWGGFwKtK+/CAlHlc0690qPpTVKd+b2W1DuBk:YbsGLrPQHmDc3F69/PKdrW16k
TLSH D9A2CF678EE7546882CA397EB40E4E594A073FCF592483D3D6B34D104EDB99B28C85B8
Reporter abuse_ch
Tags:DHL GuLoader rar


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mta0.bosum-mould.com
Sending IP: 104.168.220.7
From: DHL EXPRESS <info@bosum-mould.com>
Reply-To: paulas@sigrnfg.com
Subject: Original Shipping Documents Commercial Invoice ,B/L
Attachment: DHL Shipping Documents_jpg.rar (contains "DHL Shipping Documents_jpg.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=8E778D4A23C91A07&resid=8E778D4A23C91A07%21254&authkey=AMd_OEsUIxZ4dRE

Intelligence

File Origin
# of uploads :
1
# of downloads :
103
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c85a5064c40c7125ea5dcdc5b5bda1974fc410a11533e09b88ace25a6ee5b3a2/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zbnfazgebrysl2s5zxc3lpnbs5h4iefbcuz6bg4ivtrfu3xfwora._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/c85a5064c40c7125ea5dcdc5b5bda1974fc410a11533e09b88ace25a6ee5b3a2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar c85a5064c40c7125ea5dcdc5b5bda1974fc410a11533e09b88ace25a6ee5b3a2

(this sample)

GuLoader

Executable exe 1bbb7a110f15909ed9997e96ecb3f5322fb50eacc9b63670f7897ebfb62d8f91

  
URLhaus
https://urlhaus.abuse.ch/url/428298/
  
Dropping
MD5 a9a633957222953cb7423eadfdd19725
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1bbb7a110f15909ed9997e96ecb3f5322fb50eacc9b63670f7897ebfb62d8f91

Comments