MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f78bc29cb7e536dc7c07a767b8957ffd1765c9b513bfb949b348b13260568d2b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: f78bc29cb7e536dc7c07a767b8957ffd1765c9b513bfb949b348b13260568d2b
SHA3-384 hash: 79854442f0a05440b2b0d35af80056472cd6c08f26b5771ca20e1b55d221e209244ae7636dfffe58338936b48db920ac
SHA1 hash: 3ecb564aa1bcb7156b3d908c26043f6679fbe385
MD5 hash: 56ed61190196837b0b6c13a91af93d72
humanhash: nevada-berlin-gee-uranus
File name: HSBC PAYMENT SLIP.gz
Signature: GuLoader
File size: 30'983 bytes
First seen: 2020-06-10 06:50:38 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 768:xckiBhPfd+4dqQrgM6HnmZh3Cph7Ag+feYTkuBBA8+Z:evBFd+4KMamZQdmeqkuM8+Z
TLSH: 89D2E1B4C2389E7C5D06FAB401E01DD0E5412965B3C79A90ED43BBFC49E8260AFAF5D2
Reporter: abuse_ch
Tags: GuLoader gz


abuse_ch
Malspam distributing GuLoader:

HELO: host.sidhiciang.net
Sending IP: 67.222.24.138
From: Mandiri Cash Management <tax@suryaindo.com>
Subject: PEMDOEXP - PEMBERITAHUAN DOKUMEN EKSPOR
Attachment: HSBC PAYMENT SLIP.gz (contains "gunzipped")

GuLoader payload URL:
https://kinansreview.com/build_NEW_gLpjIcLUO232.bin
https://cmdtech.com.vn/build_NEW_gLpjIcLUO232.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-10 06:52:11 UTC
AV detection: 33 of 48 (68.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
gz f78bc29cb7e536dc7c07a767b8957ffd1765c9b513bfb949b348b13260568d2b (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments