MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3f44f9eb56ee1c8a63d748c3aec29701a252ba94ff1e757b900e98df768f517c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 2

SHA256 hash: 3f44f9eb56ee1c8a63d748c3aec29701a252ba94ff1e757b900e98df768f517c
SHA3-384 hash: bfcf9e7fc3cd6b33e3a531fd57127b62f97c5d40c53372ae7115a1d5a0cd9c656b0dbde9f3f6057e149af6f85e14a003
SHA1 hash: d550914e2d2eac9fe142e26db0c86b8776346e5a
MD5 hash: 33ec2c8386e965ac2d939478afd8d4a4
humanhash: five-sierra-delaware-august
File name: file.xls.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-28 07:34:31 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:eUUagixNKINhxF7M3NoMTP5Hcohs7jCGQYxJtPR7RUGkE/T5H9soDml:zngibT9F49oJsZMRN2
TLSH: E8453A22B276CCB2E74045B0D8C1C9F445A1FC14CA1A4E17BAC87F3E377D197AA62636
Reporter: abuse_ch
Tags: geo, GuLoader, img, KOR


abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm81.hanmail.net
Sending IP: 211.231.106.156
From: sunj <sjsm5885@hanmail.net>
Subject: 첨부도면 견적요청 드립니다.(한석이엔지 입니다.)
Attachment: file.xls.img (contains "WJ320200528.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1Idjd3GdAu_WOw0J9f1dqByEZK5JvKZru

Intelligence


File Origin
# of uploads: 1
# of downloads: 71
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-28 07:37:34 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 19 of 48 (39.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    img 3f44f9eb56ee1c8a63d748c3aec29701a252ba94ff1e757b900e98df768f517c (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments