MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 732ee2e82d05b8d6eca81f98f8249f399686fd4c849cafea4028d558e1a0bbb9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry: GuLoader

Vendor detections: 2

SHA256 hash: 732ee2e82d05b8d6eca81f98f8249f399686fd4c849cafea4028d558e1a0bbb9
SHA3-384 hash: 5da160514f7b458f5e508bee1fc3414a1c9470bac98d4418e1b62bcd7d5cff1e5e873052862dfbebe50afa0f7aff0348
SHA1 hash: 8a20aa90dec8cceb480be6afe355a451ed670e18
MD5 hash: 687872f55a295856baaa3e285f706986
humanhash: bakerloo-river-yankee-oranges
File name: HYUNDAI MASS QUARANTREAT PROJECT.dwg.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-28 07:29:11 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:RyEdXsdlk45LunTMe6HYVpDdzHnKwqD9EyEWrXO2dQTPhbd:1mpaTVpsD9jm
TLSH: 37455A32B766DCA6DF410474D9D2C4F81424FC25C8064E5B72C87F2E77BA493A9A273A
Reporter: abuse_ch
Tags: geo, GuLoader, img, KOR


abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm45.hanmail.net
Sending IP: 203.133.180.233
From: 로이 유 <chabeopsu@hanmail.net>
Subject: 견적요청의 件:HYUNDAI MASS QUARANTREAT PROJECT
Attachment: HYUNDAI MASS QUARANTREAT PROJECT.dwg.img (contains "list.dwg.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=13P4tVpb0H0AY1JZPdC6ACdo1b0Hl9H7N

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Geniso
Status: Malicious
First seen: 2020-05-28 07:37:41 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 16 of 31 (51.61%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    img 732ee2e82d05b8d6eca81f98f8249f399686fd4c849cafea4028d558e1a0bbb9 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment
