MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 08f59cb5340816b5afedf0d408257ca81d4188622eb7876756bc731ff1652231. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 08f59cb5340816b5afedf0d408257ca81d4188622eb7876756bc731ff1652231
SHA3-384 hash: d85f2ca2b993fc4899f751fc2626447634a2bb9850ca8a5134cc41c192ff3c0020024d7c38303cb4d28f48daee422222
SHA1 hash: d99e3e1306fcde0fd53ba6136f2dfcb6a6589353
MD5 hash: e352f57a7bd8b1378c7a6caed435e341
humanhash: football-november-south-alabama
File name:file.lzh
Download: download sample
Signature GuLoader
Create hunting rule
File size:23'101 bytes
First seen:2020-05-22 09:49:39 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 384:JxCcbg/dvZdX5BSURYNHQMR9ikkiZMOg1Na7BD04H4EWiKhxCgzJOvaElrAutXor:a/P4UWFQMR9qOgux04YEWiYCgt+aUY+C
TLSH 67A2E130ADAF89D09333D3625839A45E3BD05C763F9298DB54F3007268D8451BEBE61E
Reporter abuse_ch
Tags:geo GuLoader KOR lzh


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm35.hanmail.net
Sending IP: 203.133.180.223
From: UTITECH <juha78@hanmail.net>
Subject: 유티아이테크-발주서 송부의건
Attachment: file.lzh (contains "file.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=809F316B561D99CA&resid=809F316B561D99CA%21156&authkey=AAcCJtFdwbo1Azc

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 04:36:38 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
15 of 30 (50.00%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 08f59cb5340816b5afedf0d408257ca81d4188622eb7876756bc731ff1652231

(this sample)

GuLoader

Executable exe 2090ef501bf30eff58e65ff4491b5a913e5e105ff952b6d26b3e5ccf9e251cc9

  
URLhaus
https://urlhaus.abuse.ch/url/366513/
  
Dropping
MD5 19441c079bebced94897c9dcd3567d99
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2090ef501bf30eff58e65ff4491b5a913e5e105ff952b6d26b3e5ccf9e251cc9

Comments