MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ddad1b1c0efa1778425a0b65c9771b1d6ef293994d29c1b7f28a5c1d1a84fbe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 2ddad1b1c0efa1778425a0b65c9771b1d6ef293994d29c1b7f28a5c1d1a84fbe
SHA3-384 hash: 76e15d5990af8076f5f6d18bdb6771fbbab555f25ca4631b09993f43f20139849c07c580862f76f0167526df87c01be0
SHA1 hash: 1d7973a42a8b16eac846a163cb364028e88b6b93
MD5 hash: 74f8173629f20ac3a87334f6228d7c50
humanhash: jupiter-romeo-uranus-robin
File name: RFQ for Static Mixer.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-06-04 06:03:50 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:UASPfxV40J7iNYLjHOBVujkgrKHxLdGKc+o0FDHdZ1gI6f5PyXe0FsutoNL:KPXJ7i6X7KVdhjFD9zMbJ
TLSH: D1456B07ED9C8653D1488BBD2D228E793A1CBA0D09011FDF713D5E9BAF716852CAB11E
Reporter: abuse_ch
Tags: GuLoader img


abuse_ch
Malspam distributing GuLoader:

HELO: server.ecomotorhk.com
Sending IP: 162.144.56.225
From: DUBHECO <chloe.jeong@dubheco.com>
Reply-To: chloe.jeong@dubheco.com
Subject: DUBHECO - INQUIRY(A-20026981) LNG VENUS / MITSUBISHI HEAVY NAGASAKI 2295 (IMO:9645736) _02232
Attachment: RFQ for Static Mixer.img (contains "order.exe")

GuLoader payload URL:
http://149.255.36.133/bin_PqLAqQjAza233.bin

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 57
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-06-04 03:13:29 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery chain:
  Malspam
  GuLoader
  img 2ddad1b1c0efa1778425a0b65c9771b1d6ef293994d29c1b7f28a5c1d1a84fbe (this sample)
  Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments