MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7be610b9255661d6197d628df2d1f7d9184e839aa0af2920a39c3f765694c433. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 2

SHA256 hash: 7be610b9255661d6197d628df2d1f7d9184e839aa0af2920a39c3f765694c433
SHA3-384 hash: 1f6d333e260c9de4a2d8c096e0d86595b6829efbea4cf8d2c9dc397c005f0d0bde65780e6bd0a0737624014b44731e37
SHA1 hash: a3b21523fe49a76230da9a18bf92afe04fb6df83
MD5 hash: d976cfcb229f65d274f6138fa41eefa1
humanhash: virginia-massachusetts-floor-fifteen
File name: Request_for_Quotation_Decanter_00223.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-27 17:30:32 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:kRuVDeQHNgcDXNJJM9doKyzn0XSSV1I3ckEf3vSFWUmjiB4ELB0vS5kHgJdeIDHh:IMVtpDh6dGz5ckQAmo4dS5aI9
TLSH: 9845E703B6905CB2FD788BB10971C6645D73BD396A151B17B60DBF4F2B326CA1AA031B
Reporter: abuse_ch
Tags: GuLoader, img


abuse_ch
Malspam distributing GuLoader:

HELO: server.ecomotorhk.com
Sending IP: 162.144.56.225
From: Batgerel Odsuren <odsuren.batgerel.me2@eng.nssmc.com>
Reply-To: odsuren.batgerel.me2@eng.nssmc.com
Subject: Request for Quotation of Screw Decanter Centrifuge_CE1 Project/AA167194000000 (Muhan Technical)
Attachment: Request_for_Quotation_Decanter_00223.img (contains "order.exe")

GuLoader payload URL:
http://185.94.191.88/bin_qNQJqzF250.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-27 17:36:58 UTC
AV detection: 25 of 48 (52.08%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam (distributed via e-mail attachment)
Signature: GuLoader
Sample: img 7be610b9255661d6197d628df2d1f7d9184e839aa0af2920a39c3f765694c433 (this sample)
Dropping: GuLoader
