MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4944613443bed864f7e3f7eab5684d6ae6f7b4d11fe1e81b3488e9aed1b61fe7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 3



SHA256 hash: 4944613443bed864f7e3f7eab5684d6ae6f7b4d11fe1e81b3488e9aed1b61fe7
SHA3-384 hash: 347601e83e15272ca4f0336e707ee7768a44b9ed8779c241924f695f9dfce19f65e691d3e07ac535138e466f5b327bf8
SHA1 hash: 5b2f4d3a0829e983b9b7cf938016542544098a3b
MD5 hash: 625a7266bb42acbf99b229e7a674ccd2
humanhash: bluebird-whiskey-lima-indigo
File name: RFQ for Ejector.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-06-04 06:04:03 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:KZzihssaEaSPfxV400eoFbC3kmgE7CNkgrKHxLdGKc+o0FDHdZ1gIphOZHy6L5Kb:dPX0eoFbCUY7aKVdhjFD9zlwJ4r+i7
TLSH: 9B457D13EDAC8553D1044BBC2D628E793B1CB91959004FDF713D6E9BAF712912CAB21E
Reporter: abuse_ch
Tags: GuLoader img


abuse_ch
Malspam distributing GuLoader:

HELO: server.ecomotorhk.com
Sending IP: 162.144.56.225
From: DUBHECO <chloe.jeong@dubheco.com>
Reply-To: chloe.jeong@dubheco.com
Subject: DUBHECO - INQUIRY(A-20026981) LNG VENUS / MITSUBISHI HEAVY NAGASAKI 2295 (IMO:9645736) _02232
Attachment: RFQ for Ejector.img (contains "Holdningslses.exe")

GuLoader payload URL:
http://149.255.36.133/bin_PqLAqQjAza233.bin
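The attachment named in the report above is an ISO 9660 image (this entry lists its MIME type as application/x-iso9660-image) wrapping an executable. The following is an added triage example, not code from MalwareBazaar or from the reporter: it walks the directory records of an ISO 9660 image straight from its bytes, so the contents of a .img attachment can be listed and hashed without mounting it on an analysis host. The function names (build_sample_image, list_iso, triage) and the constructed test image, with a fake MZ stub standing in for Holdningslses.exe, are this example's own assumptions. Only the primary volume descriptor is parsed; Joliet or Rock Ridge long names, which many real images also carry, are not decoded, so identifiers appear in their ISO 9660 form (uppercase, with a ";1" version suffix that the code strips).

```python
"""Enumerate the files inside an ISO 9660 (.img/.iso) attachment without mounting it.
Added example, not MalwareBazaar code; the image built below is constructed test data."""
import hashlib
import struct

SECTOR = 2048  # ISO 9660 logical sector size

# ISO 9660 "both-byte-order" fields: a little-endian copy followed by a big-endian copy.
_both32 = lambda v: struct.pack("<I", v) + struct.pack(">I", v)
_both16 = lambda v: struct.pack("<H", v) + struct.pack(">H", v)

def _dir_record(name, lba, size, is_dir):
    """One ECMA-119 directory record (writer side, used only to build the test image)."""
    rec = bytearray(b"\x00\x00" + _both32(lba) + _both32(size)  # length (set below), ext-attr length, extent, data length
                    + b"\x00" * 7                                # recording date/time (unused here)
                    + (b"\x02" if is_dir else b"\x00")           # file flags: bit 1 = directory
                    + b"\x00\x00" + _both16(1)                   # unit size, interleave gap, volume sequence number
                    + bytes([len(name)]) + name)                 # identifier length, identifier
    rec += b"\x00" * (len(rec) % 2)                              # records are padded to an even length
    rec[0] = len(rec)
    return bytes(rec)

def build_sample_image(files):
    """Constructed single-directory image: PVD at sector 16, terminator at 17, root directory at 18."""
    root_lba, next_lba, blobs = 18, 19, []
    records = [_dir_record(b"\x00", root_lba, SECTOR, True),   # "."
               _dir_record(b"\x01", root_lba, SECTOR, True)]   # ".."
    for name, content in files:
        nsec = max(1, -(-len(content) // SECTOR))              # sectors needed, rounded up
        records.append(_dir_record(name, next_lba, len(content), False))
        blobs.append(content.ljust(nsec * SECTOR, b"\x00"))
        next_lba += nsec
    pvd = bytearray(SECTOR)
    pvd[0], pvd[1:6], pvd[6] = 1, b"CD001", 1                   # type 1 = primary volume descriptor
    pvd[40:72] = b"RFQ_FOR_EJECTOR".ljust(32)                    # volume identifier (constructed)
    pvd[80:88] = _both32(next_lba)                               # volume space size in sectors
    pvd[120:124], pvd[124:128], pvd[128:132] = _both16(1), _both16(1), _both16(SECTOR)  # set size, seq no., block size
    pvd[156:190] = _dir_record(b"\x00", root_lba, SECTOR, True)  # root directory record
    term = bytearray(SECTOR)
    term[0], term[1:6], term[6] = 255, b"CD001", 1               # volume descriptor set terminator
    root_dir = b"".join(records).ljust(SECTOR, b"\x00")
    return bytes(SECTOR * 16) + bytes(pvd) + bytes(term) + root_dir + b"".join(blobs)

def _parse_record(buf, off):
    """Decode (length, lba, size, flags, name) at buf[off]; None if the byte is zero-length padding."""
    if buf[off] == 0:
        return None
    lba, size = struct.unpack_from("<I", buf, off + 2)[0], struct.unpack_from("<I", buf, off + 10)[0]
    return buf[off], lba, size, buf[off + 25], bytes(buf[off + 33:off + 33 + buf[off + 32]])

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def list_iso(image):
    """Walk the directory tree and return [{path, size, sha256, is_pe}] for every file."""
    sector = 16                                                  # the descriptor set starts at sector 16
    while True:
        vd = image[sector * SECTOR:(sector + 1) * SECTOR]
        if len(vd) < SECTOR or vd[1:6] != b"CD001" or vd[0] == 255:
            raise ValueError("not an ISO 9660 image with a primary volume descriptor")
        if vd[0] == 1:
            break
        sector += 1
    block = struct.unpack_from("<H", vd, 128)[0]                 # logical block size
    _, root_lba, root_size, _, _ = _parse_record(vd, 156)
    found = []

    def walk(lba, size, prefix):
        data, off = image[lba * block:lba * block + size], 0
        while off < size:
            rec = _parse_record(data, off)
            if rec is None:                                      # records never span sectors: skip the pad
                off = (off // block + 1) * block
                continue
            length, e_lba, e_size, flags, name = rec
            off += length
            if name in (b"\x00", b"\x01"):                       # "." and ".." entries
                continue
            fname = name.decode("ascii", "replace").split(";")[0]  # drop the ";1" version suffix
            if flags & 0x02:
                walk(e_lba, e_size, prefix + fname + "/")
            else:
                content = image[e_lba * block:e_lba * block + e_size]
                found.append({"path": prefix + fname, "size": e_size, "sha256": sha256_hex(content),
                              "is_pe": content[:2] == b"MZ"})    # DOS "MZ" stub marks a PE candidate
    walk(root_lba, root_size, "/")
    return found

def triage(image):
    # (all files, files that look executable by PE magic or .exe name)
    entries = list_iso(image)
    return entries, [e for e in entries if e["is_pe"] or e["path"].lower().endswith(".exe")]

# Constructed contents standing in for the attachment: a fake PE stub plus a benign decoy.
FAKE_PE = b"MZ\x90\x00" + b"\x00" * 60 + b"This program cannot be run in DOS mode.\r\n"
SAMPLE_FILES = [(b"HOLDNINGSLSES.EXE;1", FAKE_PE), (b"README.TXT;1", b"Request for quotation\n")]
```

Against a real attachment, call triage(open(path, "rb").read()) and record the SHA256 of each embedded file as well as the container hash: the SHA256 on this page identifies only the .img, while the executable inside it is the object that actually runs when the image is mounted.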

Intelligence


File Origin
# of uploads: 1
# of downloads: 57
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Grp
Status: Malicious
First seen: 2020-06-04 02:40:51 UTC
AV detection: 20 of 48 (41.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as its delivery method and external references.

Delivery chain: Malspam -> GuLoader -> img 4944613443bed864f7e3f7eab5684d6ae6f7b4d11fe1e81b3488e9aed1b61fe7 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments