MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 49589031e5a665c62726275bf4d8eae87fa273d3eda9609937e428fe62b22b4b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 49589031e5a665c62726275bf4d8eae87fa273d3eda9609937e428fe62b22b4b
SHA3-384 hash: e1913dee8e94ebdf66a919d662e59ef4b1a8ee4043373793c674ca6241f2b82685be9c6ffb34c79554c5c33d5daf09b1
SHA1 hash: 86287313105aa389148b0f9b6eb4e56ef0942271
MD5 hash: 9162d23cd87944a07b895a80c95a3ee8
humanhash: friend-georgia-saturn-quebec
File name:5-28-2020.img
Download: download sample
Signature GuLoader
Create hunting rule
File size:1'245'184 bytes
First seen:2020-05-28 07:22:14 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 1536:y5e/qYnHwZfCNY8cdRZFiBRiLTpHCeUn/V9FYteeEfM++cBeYjCO05TsxNNO:7iYnQs+dRZs+UbKte7+cLS
TLSH 7945182AB21ADCB5C6C916B4DDE1D1F40461FC11D90A8A1B75CC3F2E737A196AD3233A
Reporter abuse_ch
Tags:geo GuLoader img KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm32.hanmail.net
Sending IP: 203.133.180.216
From: 한석 이엔지 <kmhgreen@hanmail.net>
Subject: 첨부도면 견적요청 드립니다.(한석이엔지 입니다.)
Attachment: 5-28-2020.img (contains "WJ120200528.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1uH0s29YDq24ILt88VfzVhWxfxvJ0YhTe

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.50244.20621.32446.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 07:37:35 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
13 of 30 (43.33%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 49589031e5a665c62726275bf4d8eae87fa273d3eda9609937e428fe62b22b4b

(this sample)

GuLoader

Executable exe e97244bc82d914b843dadf51702073bb1746d2e9d67f66e5c5aeef31f549a3c9

  
URLhaus
https://urlhaus.abuse.ch/url/370279/
  
Dropping
MD5 91f8eef34344f686d368cf63c09e951d
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e97244bc82d914b843dadf51702073bb1746d2e9d67f66e5c5aeef31f549a3c9

Comments