MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dbfebe0687ac11c5d8031420100a3210962470e5029cc6816beacfc0b252cc10. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: dbfebe0687ac11c5d8031420100a3210962470e5029cc6816beacfc0b252cc10
SHA3-384 hash: 274af7de5c5ab20f7f187003d400cbf753626c37447620e371ae2fb5b7467ff48da1630bef4fc6da71a8d0e3fec16c45
SHA1 hash: 42bf61645dd5363550f8a49b6500e473ed747f54
MD5 hash: 685b4db04c32a8a7e8ca30bc9b995721
humanhash: illinois-sweet-zebra-potato
File name: KMBT 17-08-2020 Air Waybill-Receipt no AWB 140825003078 TBK Need PIB documentations-pdf.gz
Signature: GuLoader
File size: 14'633 bytes
First seen: 2020-08-18 12:59:55 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 384:8XbynDi9D58ZQCiKRv9aYTbYSI8oWE7G6ubTr4EMWcF:8mnDKt82rKF9aCUl8oJGTNU
TLSH: FD62C0437A3C86DB5C1AE5D0A351A9EB5A341D452E10241FCF39DE31E2C958AF893D73
Reporter: abuse_ch
Tags: GuLoader, gz


abuse_ch
Malspam distributing GuLoader:

From: Rachel Liu <sales@gmail.com>
Subject: Electronic invoice generated by DHL Express_Invoice-MAJW-17-08-2020: Air Waybill no 1395482082
Attachment: KMBT 17-08-2020 Air Waybill-Receipt no AWB 140825003078 TBK Need PIB documentations-pdf.gz (contains "gunzipped")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1D5h2KTLDq5FbIvtuKvDZBb8lfQDXvPk2

Intelligence


File Origin
# of uploads: 1
# of downloads: 222
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz dbfebe0687ac11c5d8031420100a3210962470e5029cc6816beacfc0b252cc10 (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
