MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 432c46326f50f3c00232f768d3297257567433ebd8a6a0878014822e0543b897. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 2

SHA256 hash: 432c46326f50f3c00232f768d3297257567433ebd8a6a0878014822e0543b897
SHA3-384 hash: 25c2bcc7e60253071a6b7526547ba272d06d815ba0f3fa15be6783b27b54cebf40fac7692f64fbb1ed472e018ebd2bab
SHA1 hash: 45a71c11ebdbea944666f8a90a00e88a59c84abf
MD5 hash: 5a4e92b4d3b85b867b9eac1d316c91ba
humanhash: blossom-kentucky-oklahoma-fruit
File name: RFQ_V40795.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-27 17:30:01 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:D32E2AvlCtbg1zcsjCSIEs/eDZz3uhK7tb89+j1pkyZqzJdScbrUA1:qGgbgmsjCE6UZzeFYjoyZFE
TLSH: B145081375A05C72EDB48BB109B189B51E36BE3D2A154F17714DFB0D2F32AC92AE131A
Reporter: abuse_ch
Tags: GuLoader img


abuse_ch
Malspam distributing GuLoader:

HELO: fran.com
Sending IP: 83.166.245.173
From: RINNO\ <RINNO <andy8645@naver.com>
Reply-To: andy8645@naver.com
Subject: Request for Quotation - V-40795
Attachment: RFQ_V40795.img (contains "order.exe")

GuLoader payload URL:
http://185.94.191.88/bin_qNQJqzF250.bin

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-27 17:36:46 UTC
AV detection: 22 of 48 (45.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
  img 432c46326f50f3c00232f768d3297257567433ebd8a6a0878014822e0543b897 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
