MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a384bbfb0eb947276064229126234ab1ef47a5ff9c2d09265b327128107a09f8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: a384bbfb0eb947276064229126234ab1ef47a5ff9c2d09265b327128107a09f8
SHA3-384 hash: f22835f67d69cadb897697433dd6bb35c3d52baf9e7d0cef5b4e1240f3bf2dfb4f186054d76c82b70bbec1ee1290be06
SHA1 hash: dfeb94ddb7195b58d1220f04e0b9f6f394c00580
MD5 hash: 7b630b1ea5d251f7c6dce73cade6e9ac
humanhash: pizza-floor-juliet-papa
File name: Order.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-28 07:32:47 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:2qruhIqWJR33eMDwu67uX2ZGt4m8rjYFzcBZ2TIYqBpB4PFRg/J4bmgP5Fm+tJyp:GGFeGwuXmZG4mxFC/+bfvPIsK
TLSH: F0455D37F2A2DC62C98445B0D8D1C5F51460BC14DA078E2BB6C97F3E737A1C2A96673A
Reporter: abuse_ch
Tags: geo GuLoader img KOR


abuse_ch
Malspam distributing GuLoader:

HELO: mailsnd3.chol.com
Sending IP: 203.252.1.124
From: (재)한울문화재연구원 <hurich@chol.com>
Subject: PO2005000097
Attachment: Order.img (contains "Order.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1krR1mE7LvSySGd2wQ8HY6zBAcV3BkriY

Intelligence

File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-05-28 04:00:41 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 18 of 48 (37.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
img a384bbfb0eb947276064229126234ab1ef47a5ff9c2d09265b327128107a09f8 (this sample): Dropping GuLoader
Delivery method: Distributed via e-mail attachment

Comments