MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 22b8f8e766f0bb235720c139a586cbe889437fc29c038685cec27d1d295b28fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 22b8f8e766f0bb235720c139a586cbe889437fc29c038685cec27d1d295b28fc
SHA3-384 hash: dba8eb257950a929e1416ba09240aa236a1f0c91967b2fbcd140dbf043724556d1585976ce6dfd6f47e119c67ced62f4
SHA1 hash: 5243bb3e0c6bfac25d14521f7d0d1241d2b0798b
MD5 hash: 07a7f1829c721ce9e5c442908afcfbd8
humanhash: minnesota-mobile-venus-skylark
File name: RFQ CTC Group Global 93437326563.IMG
Signature: GuLoader
File size: 155'648 bytes
First seen: 2020-06-04 15:54:24 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 3072:Lfrg/GSD1wUjYEpr00NwnLNJdUq5S8b8alq27mMJ:Hg3ZPp00KJdUq5v4alq2aM
TLSH: 58E37D52D2F6BA71DF35DBB21AB05510403BAC2238FB4E0B35FE19782723985B5A2753
Reporter: abuse_ch
Tags: GuLoader img


abuse_ch
Malspam distributing GuLoader:

From: Titus S Kemp <procurement officer@ctc-group.com>
Subject: RE: Urgent Request Quotation CTC Group Global For HTR 864
Attachment: RFQ CTC Group Global 93437326563.IMG (contains "RFQ CTC Group Global 934363Img.com")

GuLoader payload URL:
https://onedrive.live.com/download?cid=1B5AC29232549D63&resid=1B5AC29232549D63%21106&authkey=ADDxT4gP2p2WZpM

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Geniso
Status: Malicious
First seen: 2020-06-04 16:36:32 UTC
AV detection: 9 of 31 (29.03%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
img 22b8f8e766f0bb235720c139a586cbe889437fc29c038685cec27d1d295b28fc (this sample)
Dropping GuLoader

Delivery method: Distributed via e-mail attachment

Comments