MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eb19b96a4a314b05a620be070b63eb0f3d057dba17588fc5b5fe17f9f2fcb191. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash: eb19b96a4a314b05a620be070b63eb0f3d057dba17588fc5b5fe17f9f2fcb191
SHA1 hash: fda46a3fdcb97359fffb8be1a8e2f1155ede24ea
MD5 hash: b3a3b09759590b0d25d65a5870e12c3a
File name: proof of payment.pdf.7z
Signature: GuLoader
File size: 23,267 bytes
First seen: 2020-05-22 09:57:19 UTC
Last seen: Never
File type: 7z
MIME type: application/x-rar (as reported by the database)
ssdeep: 384:wzN0D1HKoy0aQO6dWMSlar4tRv6MPLlqCmJMzRl8Vshnh:wZ8M2O6dlSls4lZqCmJM9e2
TLSH: 7AA2F1C81354A42D90FC46F132B435B02E846A617A97BAC6A3F1EA1C5FCF2250469F32
Reporter: @abuse_ch
Tags: 7z, GuLoader


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: forefrontmedical.com
Sending IP: 209.58.149.73
From: iris.zhang@forefrontmedical.com
Subject: Fw: PROOF OF PAYMENT INVOICES NO 15008145-1557166
Attachment: proof of payment.pdf.7z (contains "proof of payment.pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=127c4CGzSqhmQ60jgP8KwDRi_ZOe0Rwl0

Intelligence

Mail intelligence
Trap location: Global
Impact: High
# of uploads: 1
# of downloads: 22
Origin country: FR
ClamAV: No detection
VirusTotal detection rate: 35.59%

File information

The table below shows additional information about this malware sample, such as its delivery method and the infection chain it was observed in.

Malspam: GuLoader
  7z: eb19b96a4a314b05a620be070b63eb0f3d057dba17588fc5b5fe17f9f2fcb191 (this sample)
    Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
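
As an added example (not MalwareBazaar's code, and not @abuse_ch's), the following Python script turns the indicators on this page into a triage check for an inbound message: it reads the first-hop Received header for the HELO name and sending IP reported in the tweet above, hashes each attachment against the entry's MD5/SHA1/SHA256, and flags archive members that hide an executable behind a document extension, as "proof of payment.pdf.7z" does with "proof of payment.pdf.exe". The sample message is constructed inline and its attachment body is placeholder bytes (the real archive is not reproduced here), so the hash check only fires against a real copy of the sample. Python's standard library cannot list 7z members, so the archive listing is passed in as a caller-supplied hook, here hard-coded from the tweet. The hosts mx.example.net and victim@example.net, the Received header text, and the function names are this example's own assumptions.

```python
import email
import hashlib
import re
from email import policy
from email.message import EmailMessage

# Indicators copied from this MalwareBazaar entry and the @abuse_ch report.
IOC_HASHES = {
    "sha256": "eb19b96a4a314b05a620be070b63eb0f3d057dba17588fc5b5fe17f9f2fcb191",
    "sha1": "fda46a3fdcb97359fffb8be1a8e2f1155ede24ea",
    "md5": "b3a3b09759590b0d25d65a5870e12c3a",
}
IOC_SENDING_IP = "209.58.149.73"
IOC_HELO = "forefrontmedical.com"

ARCHIVE_EXTS = {"7z", "zip", "rar", "iso", "img", "gz"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse", "vbs", "wsf", "ps1"}
# "invoice.pdf.exe": a document-looking extension directly followed by an
# executable one, the trick used inside this sample's archive.
DOUBLE_EXT = re.compile(
    r"\.(pdf|docx?|xlsx?|pptx?|txt|jpe?g|png)\.(" + "|".join(sorted(EXEC_EXTS)) + r")$",
    re.IGNORECASE,
)
# "from <helo> (<rdns> [<ip>])" as most MTAs write it into Received headers.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.I | re.S)


def file_hashes(data: bytes) -> dict:
    # MD5/SHA1 are computed only to look the file up against published
    # indicators, never as an integrity control.
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def hash_hits(data: bytes) -> list:
    """Names of the algorithms whose digest matches this entry (empty if none)."""
    digests = file_hashes(data)
    return [algo for algo, ioc in IOC_HASHES.items() if digests[algo] == ioc]


def is_double_extension(name: str) -> bool:
    return DOUBLE_EXT.search(name) is not None


def first_hop(msg) -> tuple:
    """(helo, ip) of the hop that first accepted the message. Each MTA prepends
    its own Received header, so the last one listed is the sending host's
    hand-off; only that hop is comparable with the campaign's IP and HELO."""
    received = msg.get_all("Received") or []
    m = RECEIVED_RE.search(str(received[-1])) if received else None
    return (m.group(1).lower(), m.group(2)) if m else (None, None)


def triage(raw: bytes, list_archive) -> list:
    """Findings for a raw RFC 5322 message. list_archive(filename, data) must
    return the member names; the standard library cannot read 7z, so the
    caller supplies it (py7zr or a 7z binary in a real deployment)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    helo, ip = first_hop(msg)
    if ip == IOC_SENDING_IP:
        findings.append(f"sending IP {ip} matches this entry")
    if helo == IOC_HELO:
        findings.append(f"HELO {helo} matches this entry")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        hits = hash_hits(data)
        if hits:
            findings.append(f"{name}: {'/'.join(hits)} matches this entry")
        if name.rsplit(".", 1)[-1].lower() in ARCHIVE_EXTS:
            for member in list_archive(name, data):
                if is_double_extension(member):
                    findings.append(f"{name}: member {member!r} hides an "
                                    "executable behind a document extension")
    return findings


# Constructed sample modelled on the @abuse_ch report. The archive body is
# placeholder bytes, not the real sample, so the hash check stays silent here.
SAMPLE_MEMBERS = {"proof of payment.pdf.7z": ["proof of payment.pdf.exe"]}


def build_sample() -> bytes:
    m = EmailMessage()
    m["Received"] = (f"from {IOC_HELO} (unknown [{IOC_SENDING_IP}]) by "
                     "mx.example.net with ESMTP; Fri, 22 May 2020 09:57:19 +0000")
    m["From"] = "iris.zhang@forefrontmedical.com"
    m["To"] = "victim@example.net"
    m["Subject"] = "Fw: PROOF OF PAYMENT INVOICES NO 15008145-1557166"
    m.set_content("Please find attached the proof of payment.")
    m.add_attachment(b"7z\xbc\xaf\x27\x1c placeholder, not the real archive",
                     maintype="application", subtype="x-7z-compressed",
                     filename="proof of payment.pdf.7z")
    return m.as_bytes()


def list_sample_archive(name: str, data: bytes) -> list:
    return SAMPLE_MEMBERS.get(name, [])


if __name__ == "__main__":
    for finding in triage(build_sample(), list_sample_archive):
        print(finding)
```

Running it against the constructed message reports the sending IP, the HELO name and the double-extension member; against a real copy of the archive the hash line fires as well. The double-extension check is the part that generalises beyond this entry: it catches the same lure regardless of which loader the inner executable turns out to be.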
