MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1f86ae518180a446b6512634165900094f510d6f55eb32a61e593b948b5905db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 1f86ae518180a446b6512634165900094f510d6f55eb32a61e593b948b5905db
SHA3-384 hash: ff2b31b29326c63b1f6fb1cdb67de99ae07d5005821d5248242bf16bf8d2fab2fe535225782c58814b3bb3cba58ff259
SHA1 hash: 85c7d61dbeecc80d17a42093ff3d16e68288c62b
MD5 hash: 411185067af1c689e07919d1899420c6
humanhash: maryland-princess-green-two
File name: QUOTE.zip
Signature: GuLoader
File size: 45'845 bytes
First seen: 2020-06-02 11:20:47 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:m4p8x1nd7GnQD6qW3278EuwHkyK232q1SbN5JUNwOID6V3Z/Tn9JKC/BSa0qTOkt:mK8LdanQbW3GRTHky92q1SbN5KNwXOVN
TLSH: 7C23F13861EC48ACED9427E15463C7467B080EC0906D1BC79E4AA79D681A1DBA4BBCF4
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: whm.mastertindo.com
Sending IP: 103.103.192.221
From: 최용현(CHOI, YONG HYUN) <yonghyun@dsme.co.kr>
Subject: 견적 요청
Attachment: QUOTE.zip (contains "QUOTE.exe")

GuLoader payload URL:
https://cor.sehablae.com/man.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Malware.Ser
Status: Malicious
First seen: 2020-06-02 00:55:05 UTC
AV detection: 3 of 48 (6.25%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 1f86ae518180a446b6512634165900094f510d6f55eb32a61e593b948b5905db (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
