MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5484272a6f7844da99fb62ef3c13eb493dbf336a572bbcbc2dcdba44aa45a760. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5484272a6f7844da99fb62ef3c13eb493dbf336a572bbcbc2dcdba44aa45a760
SHA3-384 hash: aa7726b309b51e6917f7240f3203bc7b1815982e42ec869eac0333af9723b0885855b20c29e7c9c561874499d8533633
SHA1 hash: e1386da6612998a6a98e9472ff2b28461068d86c
MD5 hash: a63a71665ddba42cb50e52e1f6e474d3
humanhash: glucose-illinois-oregon-early
File name:Mt Woo Lim.zip
Download: download sample
Signature GuLoader
Create hunting rule
File size:26'003 bytes
First seen:2020-05-21 08:50:00 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 768:tXBEQSGsfCDcpf67QpvvUSlgBlNQbQ3//K:txEP3TnZgBkbQXK
TLSH 5AC2D162B6C35F1FE2C9676E74A3A590BB0FEAA555D20612416A76FF103F2C5C8D0702
Reporter abuse_ch
Tags:GuLoader zip


Avatar
abuse_ch
Malspam distributing GuLoader:

From: "Woolim Shipping Co., Ltd./SEOUL" <htkim@woolimshipping.co.kr>
Subject: [AGENT NOMINATION] CSS 8,000MT & SM 1,700MT
Attachment: Mt Woo Lim.zip (contains "Mt Woo Lim.exe")

GuLoader payload URL:
https://ny.yummyeliquid.info/mana.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.FareitVB-AB.13146.32731.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 01:18:23 UTC
AV detection:
5 of 48 (10.42%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ksccoktppbcnvgp3mlxtye7lje636m3kk4v3zpbnzw5ejksfu5qa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 5484272a6f7844da99fb62ef3c13eb493dbf336a572bbcbc2dcdba44aa45a760

(this sample)

GuLoader

Executable exe be3b97c7e3cfc20c1d1bfae70e75d3c2c4b376aa0750310baaa9b1e5011bf6d9

  
URLhaus
https://urlhaus.abuse.ch/url/365795/
  
Dropping
MD5 b30bfc1d47810e78c4f6022211c6bc7c
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 be3b97c7e3cfc20c1d1bfae70e75d3c2c4b376aa0750310baaa9b1e5011bf6d9

Comments