MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f2c4db40f120a49cc9966e9b901a6e26827ab127a47f98ee33ed70426b3fcb8f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3


SHA256 hash: f2c4db40f120a49cc9966e9b901a6e26827ab127a47f98ee33ed70426b3fcb8f
SHA3-384 hash: 506f6f4b95d57e450196cea5ef0aeb8af882a0a3987f0d7682c9ddafd187831cc730fcb29a64d15d1c719a4666f084ee
SHA1 hash: 86a1a6738b3474363545311be0be5ced0cffec23
MD5 hash: e1a3e7b10b9f45257fcfed1451338797
humanhash: fillet-item-seventeen-yankee
File name: eInvoicing_pdf.gz
Signature: GuLoader
File size: 76'462 bytes
First seen: 2020-06-03 13:17:30 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 1536:t+ScqL8VEvvtBzXq2nXgrKHVQYKIO3nQMa97p78dJWjROInUYJBQts:t+SBXvtg2nKK1QYKI8nE9NiSjUYJuts
TLSH: ED7312F024F59166D649D9F444AE3FB4247CAFA26BF52B4AF60B22026B4D402C1D37F6
Reporter: abuse_ch
Tags: GuLoader gz TNT


abuse_ch
Malspam distributing GuLoader:

HELO: mail0.469.celumltd.casa
Sending IP: 139.59.65.223
From: eInvoicing<support@tnt.com>
Subject: TNT Original Invoice
Attachment: eInvoicing_pdf.gz (contains "eInvoicing_pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1E-TEnTkl7iCuxnwomebx5928JG2jmkV9

Intelligence

File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Hdpo
Status: Suspicious
First seen: 2020-06-03 13:38:07 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 6 of 48 (12.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  GuLoader
    gz f2c4db40f120a49cc9966e9b901a6e26827ab127a47f98ee33ed70426b3fcb8f (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments