MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 050952078d9240cf14a749350e711cddb76e2330336929919832d6a856107ef6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 2

SHA256 hash: 050952078d9240cf14a749350e711cddb76e2330336929919832d6a856107ef6
SHA3-384 hash: 4e344ecf2f50326c732d84a77e6f7ca0828c27d333f05712f4e89dd54ab8b44b375906c8934c9acf507ef146c58f22a4
SHA1 hash: e37d525df8c2698997fca3de3df316abc91e6800
MD5 hash: 3c1d22c057a3dfff48a80ff4a9148648
humanhash: sixteen-kilo-cola-bravo
File name: NEW PROJECT - Purchase.img
Download: download sample
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-22 09:59:04 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:73wEF1JeO4Unkg4EPpojH8cqLJbFH8nU2w6EyZ4Hq53NFF0Urm0G3Fa:jvJeEkg4skXqLJRH2ZEyZ4O3Nzv
TLSH: 96450831B9C0EC13CA6589F26EA74B65141BAC782D198A43B2CF772C1B775C0A6313CB
Reporter: abuse_ch
Tags: geo GuLoader img KOR


abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm38.hanmail.net
Sending IP: 203.133.180.226
From: 오경호 <pop0403@daum.net>
Subject: 중국 수출용 NEW PROJECT -Purchase Order_200522-01 발주서 첨부 건 (Korean; in English: "NEW PROJECT -Purchase Order_200522-01 purchase order attached, for export to China")
Attachment: NEW PROJECT - Purchase.img (contains "list.dwg.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1SrbSxlrT9xoe_w1ZAl6Molm77gnXfEXY

Intelligence

File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Geniso
Status: Malicious
First seen: 2020-05-22 04:36:37 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 13 of 30 (43.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    img 050952078d9240cf14a749350e711cddb76e2330336929919832d6a856107ef6 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments