MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f75a4cb2c10c126509a06e019534655c15e0f1f2f227241c7c3c3a013a975ddb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f75a4cb2c10c126509a06e019534655c15e0f1f2f227241c7c3c3a013a975ddb
SHA3-384 hash: 755a3f3ca9caf6af6a058438bf0c2382dc825228cbaf3a732ced5765e5a8997970035b1ebe73826b32b5560b33c34579
SHA1 hash: 834a035e1d653528765660f8a4a7c66ffbe656b7
MD5 hash: 4630d3e2e6ae57d184f58c1fc76fae97
humanhash: utah-hot-bulldog-friend
File name:PEMBAYARAN COPY TT_PDF.gz
Download: download sample
Signature GuLoader
Create hunting rule
File size:73'239 bytes
First seen:2020-06-03 13:08:48 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 1536:gh98jSZWnsxByWWI+Ih2VLdGKcjbcdpFAW0qrbTSQp0:tjSZWs6WWIvI5dh/dT10qnWQp0
TLSH 59630238B6A4B1BACA11F9A90CA4BBF1BB5E65534F6F955028FF4D0292ACDC00FD5184
Reporter abuse_ch
Tags:GuLoader gz


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: cpanel.namahosting.id
Sending IP: 202.138.226.66
From: (BCA) Jakarta Corporate Banking Department <yoyok@kwarsahexagon.co.id>
Subject: Slip Pembayaran - Pembayaran dikirimkan 29/05/2020 (Pengingat Terakhir !!!)
Attachment: PEMBAYARAN COPY TT_PDF.gz (contains "PEMBAYARAN COPY TT_PDF.exe")

GuLoader payload URL:
https://cmdtech.com.vn/MY_XXX_VUVHawg214.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.NetWire-7996875-0
Create hunting rule

Win.Malware.Razy-7997182-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Formbook
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 13:38:10 UTC
AV detection:
19 of 48 (39.58%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=65nezmwbbqjgkcnanyazkndflqk6b4ps6itsihd4hq5acouxlxnq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz f75a4cb2c10c126509a06e019534655c15e0f1f2f227241c7c3c3a013a975ddb

(this sample)

GuLoader

Executable exe 8357fd2e6327d05c86d6e2729b65eafaf756322bc1e7bb7878cf75595c40abe2

  
URLhaus
https://urlhaus.abuse.ch/url/371510/
  
Dropping
MD5 2d1a02097fabb443a8cd09ed3f2ee6e0
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8357fd2e6327d05c86d6e2729b65eafaf756322bc1e7bb7878cf75595c40abe2

Comments