MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 79aa3c3d12290206713c539c690ffee1ef0b54dec96e9b98430a02e9caa5b27e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 2

SHA256 hash: 79aa3c3d12290206713c539c690ffee1ef0b54dec96e9b98430a02e9caa5b27e
SHA3-384 hash: 955eaaca328742c7ab01fc984163c5ed9096a4f5c11342031f9621c9b752ed45917039b5a20b3a5d1192447dde6ebba6
SHA1 hash: b8cc11f6f55d4bf72b889bd7cae804b1c84632ad
MD5 hash: af403e426170a62c4d71e15bd3ab2c46
humanhash: victor-xray-skylark-alabama
File name: RFQ-OM-3994 - Closing Date 30.05.2020 -MEPF-PO-2020-060PDF.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-22 09:45:13 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:+rMucGed0X0HxeDs1ejXXwWq+oceQQeAf5njpsLoJx6/P1kpV0R9QL:+Y5M0xeDsxsQei5jpsLfpQ
TLSH: 7E453C26B990E9D6C9158BB249A9C27461BEFC337CD48B1B318D371C2B337A1783135A
Reporter: abuse_ch
Tags: GuLoader img


abuse_ch
Malspam distributing GuLoader:

HELO: medpex.com
Sending IP: 210.244.73.74
From: Purchasing <himanshu@anantcreation.co.in>
Subject: Quote Request
Attachment: RFQ-OM-3994 - Closing Date 30.05.2020 - MEPF-PO-2020-060PDF.img (contains "RFQ-OM-3994 - Closing Date 30.05.2020 - MEPF-PO-2020-060PDF.exe")

GuLoader payload URL:
http://www.pdslhk.com/file/binfle_ecBHJByY186.bin
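The reporter's note above describes the lure: an .img attachment (an ISO 9660 image, which Windows mounts as a drive letter on double-click) carrying an executable whose name ends in "PDF.exe". The script below is an added example, not part of the reporter's comment and not MalwareBazaar's own tooling. It builds a constructed minimal ISO 9660 image (the "payload" is an MZ-headed stub, not a real PE, and the file name only imitates the "...PDF.exe" style), parses the primary volume descriptor and root directory back out of it, hashes each file, and flags PE files and document-lookalike executable names. It only reads the primary volume descriptor, so on a real attachment like this one the long, mixed-case name would have to be read from the Joliet supplementary descriptor instead; the extent, size and MZ check are the same either way.

```python
import hashlib
import re
import struct

SECTOR = 2048  # ISO 9660 logical block size

# Constructed inputs: the "payload" is only an MZ-headed stub, not a real PE,
# and the name mimics the "...PDF.exe" lure style of the reported attachment.
SAMPLE_PAYLOAD = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x00" * 400
LURE_NAME = b"RFQ-3994-PDF.EXE;1"
LURE_RE = re.compile(r"(pdf|doc|docx|xls|xlsx|jpg)\.(exe|scr|com|pif|bat|js|vbs)$", re.I)

def _both_endian(value, width):
    # ISO 9660 stores integers as little-endian followed by big-endian
    fmt = {2: "H", 4: "I"}[width]
    return struct.pack("<" + fmt, value) + struct.pack(">" + fmt, value)

def _dir_record(name, lba, size, is_dir):
    # One directory record (ECMA-119 9.1): ext attr len, extent, size, 7-byte
    # date, flags (bit 1 = directory), unit size, gap, volume seq, name
    body = (b"\x00" + _both_endian(lba, 4) + _both_endian(size, 4) + b"\x00" * 7
            + (b"\x02" if is_dir else b"\x00") + b"\x00\x00" + _both_endian(1, 2)
            + bytes([len(name)]) + name)
    record = bytes([len(body) + 1]) + body
    if len(record) % 2:  # records are padded to an even length
        record = bytes([len(record) + 1]) + record[1:] + b"\x00"
    return record

def build_image(file_name, payload):
    """Constructed minimal image: 16 empty system sectors, PVD, terminator,
    one root directory sector, then the file's data."""
    root_lba, file_lba = 18, 19
    file_sectors = max(1, -(-len(payload) // SECTOR))
    pvd = bytearray(SECTOR)
    pvd[0], pvd[1:6], pvd[6] = 1, b"CD001", 1   # type 1 = primary volume descriptor
    pvd[40:72] = b"RFQ_DISK".ljust(32)          # volume identifier
    pvd[80:88] = _both_endian(file_lba + file_sectors, 4)  # volume space size
    pvd[120:124] = pvd[124:128] = _both_endian(1, 2)       # set size, seq number
    pvd[128:132] = _both_endian(SECTOR, 2)                 # logical block size
    pvd[156:190] = _dir_record(b"\x00", root_lba, SECTOR, True)  # root dir record
    term = bytearray(SECTOR)
    term[0], term[1:6], term[6] = 255, b"CD001", 1         # set terminator
    root_dir = (_dir_record(b"\x00", root_lba, SECTOR, True)
                + _dir_record(b"\x01", root_lba, SECTOR, True)
                + _dir_record(file_name, file_lba, len(payload), False)).ljust(SECTOR, b"\x00")
    return (b"\x00" * (16 * SECTOR) + bytes(pvd) + bytes(term) + root_dir
            + payload.ljust(file_sectors * SECTOR, b"\x00"))

def _walk(image, block, lba, length, prefix, out):
    data = image[lba * block:lba * block + length]
    off = 0
    while off < len(data):
        rec_len = data[off]
        if rec_len == 0:  # zero length: the rest of this sector is unused
            off = (off // block + 1) * block
            continue
        rec = data[off:off + rec_len]
        off += rec_len
        name = rec[33:33 + rec[32]]
        if name in (b"\x00", b"\x01"):  # "." and ".."
            continue
        extent, size = struct.unpack_from("<I", rec, 2)[0], struct.unpack_from("<I", rec, 10)[0]
        path = prefix + "/" + name.decode("ascii", "replace").split(";")[0]
        if rec[25] & 0x02:
            _walk(image, block, extent, size, path, out)
        else:
            out.append({"path": path, "size": size,
                        "content": image[extent * block:extent * block + size]})

def list_iso(image):
    """Return the files reachable from the primary volume descriptor. Joliet
    (long UCS-2 names) and Rock Ridge are ignored, so names are the ISO Level 1
    names, which is enough for hashing and the MZ check."""
    pvd = image[16 * SECTOR:17 * SECTOR]
    if pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no ISO 9660 primary volume descriptor at sector 16")
    block = struct.unpack_from("<H", pvd, 128)[0]
    root_lba, root_len = struct.unpack_from("<I", pvd, 158)[0], struct.unpack_from("<I", pvd, 166)[0]
    out = []
    _walk(image, block, root_lba, root_len, "", out)
    return out

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def triage_image(image):
    """Flag any PE (MZ) file and any document-lookalike executable name."""
    findings = []
    for e in list_iso(image):
        is_pe, lure = e["content"][:2] == b"MZ", bool(LURE_RE.search(e["path"]))
        findings.append({"path": e["path"], "size": e["size"], "sha256": sha256_hex(e["content"]),
                         "is_pe": is_pe, "lure_name": lure, "suspicious": is_pe or lure})
    return findings

IMAGE = build_image(LURE_NAME, SAMPLE_PAYLOAD)

if __name__ == "__main__":
    for finding in triage_image(IMAGE):
        print(finding)
```

To use it on a real attachment, read the .img into memory and call triage_image() on the bytes; the per-file SHA256 values can then be compared against the hashes MalwareBazaar lists for the dropped executable.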

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Geniso
Status: Malicious
First seen: 2020-05-22 11:04:48 UTC
File type: Binary (Archive)
Extracted files: 7
AV detection: 18 of 30 (60.00%)
Threat level: 2/5
Please note that MalwareBazaar is no longer able to provide a VirusTotal coverage score.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam > GuLoader > img 79aa3c3d12290206713c539c690ffee1ef0b54dec96e9b98430a02e9caa5b27e (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments