MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f353fb602eb036492ffed49e7f71cf9f27cb06db3e07c316b027c63a5f31b8d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	f353fb602eb036492ffed49e7f71cf9f27cb06db3e07c316b027c63a5f31b8d8
SHA3-384 hash:	d38602b212f4496910f99ecee49218eb1c2d789b23b9c4904dfb8fd9e1cedc41817214e77bcff8d5b18b7bef2e59170c
SHA1 hash:	e1fc30f9d05e99b70644297c749d4590181484b6
MD5 hash:	fff409d3d7ae05b1491e41eedcee2e21
humanhash:	ten-sierra-texas-ink
File name:	PDF.PO 4507600698 - Rev 01-PDF.gz
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	26'459 bytes
First seen:	2020-05-20 08:43:33 UTC
Last seen:	Never
File type:	gz
MIME type:	application/gzip
ssdeep	768:Z6p5sMdnDV2I2PGx4+tmqeZRshTQqePiuZVa:ZOr2PGaCHpQqtQI
TLSH	DBC2E152DBCD2EE770F8EDAB03BDF1569FE7813C5009AE2ED0A17B521225D1F5491202
Reporter	abuse_ch
Tags:	GuLoader gz

abuse_ch

Malspam distributing unidentified malware:

HELO: mail0.82.igfxinvest.com
Sending IP: 68.183.88.97
From: Kelsey Morrison <kmorrison@82.igfxinvest.com>
Subject: PO # 4507600698 - Rev 01
Attachment: PDF.PO 4507600698 - Rev 01-PDF.gz (contains "gunzipped")