MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ee9d3af84f02be1fe7c45f9e618ef402d09bb3e1eac3b8e46f1d587aebe42aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 2



SHA256 hash: 2ee9d3af84f02be1fe7c45f9e618ef402d09bb3e1eac3b8e46f1d587aebe42aa
SHA3-384 hash: 40cf36be7bfbe596802d80e3e6226a954e9c27473cf6ca486b8cf8f65f57069d4c97f2c1c93b5ea8541c5dff5d01493e
SHA1 hash: cf89e291898cf530e4c42270f9e47a7dddcdfb5d
MD5 hash: 06197da63722ddf55ae757d68aefc69e
humanhash: angel-kansas-oranges-butter
File name: WIRE PAYMENT- WELSFARGO.IMG
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-23 11:50:43 UTC
Last seen: 2020-05-23 11:51:08 UTC
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:Ok0dgtnscXYMReRTZlER2wqqepVixDrvOuEwe+skgCtqtoHEkFeM:/E2s+YMR2ERtoHWDr2SskhpvFT
TLSH: 67452966B940DC72DA600FB15E728A6818B7FC3159404B0379DE3B5E2F3368DA935397
Reporter: abuse_ch
Tags: GuLoader img


abuse_ch
Malspam distributing GuLoader:

HELO: biza0.feedtrades.com
Sending IP: 103.124.107.37
From: ACCOUNT9 <contacts@feedtrades.com>
Subject: FWD: RE: WELSFARGO-US BANK TELEX PAYMENT $32,000
Attachment: WIRE PAYMENT- WELSFARGO.IMG (contains "STOCKHOLM -SE BANK TELEX 32,000 EUROS.exe")

GuLoader payload URL:
http://185.205.209.166/wext/Rem-Stub21_xJNEDiadS140.bin
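The entry identifies the attachment as an ISO 9660 image (MIME type application/x-iso9660-image, delivered with an .IMG extension) that carries an .exe, and lists the digests by which the image itself is known. The Python below is an added triage example, not MalwareBazaar's code and not anything the reporter posted: it recognises an ISO 9660 image by the CD001 signature in the primary volume descriptor, walks the root directory named there, hashes the image and each member, flags members that look executable, and checks the image's SHA256 against the value listed on this page. The executable-extension list, the function names and the small builder that produces a constructed sample image for offline testing are the example's own assumptions. The parser reads only the 8.3 names of the primary descriptor; a Joliet supplementary descriptor, where a long mixed-case name like the one quoted by the reporter would normally live, is not parsed here.

```python
import hashlib

SECTOR = 2048  # ISO 9660 logical block size

# IOC copied from this MalwareBazaar entry: the SHA256 of the .IMG attachment itself
KNOWN_BAD_SHA256 = {
    "2ee9d3af84f02be1fe7c45f9e618ef402d09bb3e1eac3b8e46f1d587aebe42aa",
}
# Assumed list of extensions worth flagging when found inside a disk-image attachment
EXEC_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk", ".dll")


def hashes(data: bytes) -> dict:
    """The four digests MalwareBazaar lists for a sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def is_iso9660(data: bytes) -> bool:
    """application/x-iso9660-image: type 1 and 'CD001' at the start of sector 16 (primary volume descriptor)."""
    off = 16 * SECTOR
    return len(data) >= off + SECTOR and data[off] == 1 and data[off + 1:off + 6] == b"CD001"


def list_root(data: bytes) -> list:
    """Return (name, content) for every plain file in the root directory of the primary descriptor.
    Only level-1 names (FILE.EXE;1) are read; Joliet long names live in a separate descriptor."""
    root = data[16 * SECTOR + 156:16 * SECTOR + 190]      # 34-byte root directory record inside the PVD
    root_lba = int.from_bytes(root[2:6], "little")         # extent location (LE half of a both-endian field)
    root_len = int.from_bytes(root[10:14], "little")       # data length of the directory extent
    directory = data[root_lba * SECTOR:root_lba * SECTOR + root_len]
    entries, pos = [], 0
    while pos < len(directory):
        rec_len = directory[pos]
        if rec_len == 0:                                   # records never straddle a sector: skip padding
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        rec = directory[pos:pos + rec_len]
        name = rec[33:33 + rec[32]]                        # byte 32 = identifier length, identifier follows
        if name not in (b"\x00", b"\x01") and not rec[25] & 0x02:   # skip '.', '..' and subdirectories
            lba = int.from_bytes(rec[2:6], "little")
            size = int.from_bytes(rec[10:14], "little")
            entries.append((name.decode("ascii").split(";")[0], data[lba * SECTOR:lba * SECTOR + size]))
        pos += rec_len
    return entries


def triage(image: bytes) -> dict:
    """Hash the attachment, match it against the entry's IOC and flag executables packed inside it."""
    report = {"hashes": hashes(image), "iso9660": is_iso9660(image), "members": [], "executables": []}
    report["known_bad"] = report["hashes"]["sha256"] in KNOWN_BAD_SHA256
    if report["iso9660"]:
        for name, content in list_root(image):
            report["members"].append((name, hashes(content)["sha256"]))
            if name.lower().endswith(EXEC_EXTENSIONS) or content[:2] == b"MZ":
                report["executables"].append(name)
    return report


# --- constructed sample image (not the real attachment): minimal ISO 9660 builder for offline testing ---
def _both(n: int, width: int) -> bytes:
    return n.to_bytes(width, "little") + n.to_bytes(width, "big")   # ISO 9660 both-endian field


def _record(name: bytes, lba: int, size: int, flags: int) -> bytes:
    body = (b"\x00" + _both(lba, 4) + _both(size, 4) + bytes(7) + bytes([flags])
            + b"\x00\x00" + _both(1, 2) + bytes([len(name)]) + name)
    if len(name) % 2 == 0:
        body += b"\x00"                                    # pad so the record length is even
    return bytes([len(body) + 1]) + body


def build_iso(files: dict) -> bytes:
    """Lay out: 16 empty system sectors, PVD, set terminator, one root directory sector, file extents."""
    root_lba, lba, records, extents = 18, 19, [], b""
    records += [_record(b"\x00", root_lba, SECTOR, 2), _record(b"\x01", root_lba, SECTOR, 2)]
    for name, content in files.items():
        records.append(_record(name.encode("ascii"), lba, len(content), 0))
        padded = content + bytes(-len(content) % SECTOR)
        extents += padded
        lba += len(padded) // SECTOR
    pvd = bytearray(SECTOR)
    pvd[0], pvd[1:6], pvd[6] = 1, b"CD001", 1
    pvd[128:132] = _both(SECTOR, 2)                        # logical block size
    pvd[156:190] = _record(b"\x00", root_lba, SECTOR, 2)   # root directory record
    term = bytearray(SECTOR)
    term[0], term[1:6], term[6] = 255, b"CD001", 1         # volume descriptor set terminator
    return bytes(16 * SECTOR) + bytes(pvd) + bytes(term) + b"".join(records).ljust(SECTOR, b"\x00") + extents


if __name__ == "__main__":
    sample = build_iso({"TELEX.EXE;1": b"MZ" + bytes(62), "README.TXT;1": b"constructed"})
    print(triage(sample))
```

Run it against a real attachment by passing the file's bytes to triage(); a true result in known_bad means the image matches the SHA256 on this page, while executables lists members that a mail gateway or user would otherwise only see after the image is mounted.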

Intelligence


File Origin
# of uploads: 2
# of downloads: 63
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-22 22:37:18 UTC
File Type: Binary (Archive)
Extracted files: 14
AV detection: 14 of 30 (46.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    img 2ee9d3af84f02be1fe7c45f9e618ef402d09bb3e1eac3b8e46f1d587aebe42aa (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment
