MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ab1fe9d087acfb65960bb55c715912a6cf8fc41c89f87f660b1e856429729083. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 2

SHA256 hash: ab1fe9d087acfb65960bb55c715912a6cf8fc41c89f87f660b1e856429729083
SHA3-384 hash: 1841f17fb63760edbdf377365a31fc27f80e56b981dee59634b76080438d0e3fb2a1b5b6831dcb1362bc6d1a69f22cd4
SHA1 hash: a6f40e93b743eb030b425f5ca6dfa6e9db2a95b6
MD5 hash: ed4b21b9418a8da4a5254e8de0729bf5
humanhash: east-uranus-virginia-romeo
File name: prevod_2005220k8YIBRr.pdf.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-26 07:23:35 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:eTtBiSpfp6ZaRIX4pvrBkz4L31RsOXJCI/v:CBZgZqJQkcW
TLSH: 7445C453B9D99DF2D8340BB20C7156A04E36BC252D604F07329CBB5E6F7A2D669F031A
Reporter: abuse_ch
Tags: geo, GuLoader, img, SVK


abuse_ch
Malspam distributing GuLoader:

HELO: server.avrasyarulman.com
Sending IP: 185.239.237.91
From: nonstopbanking@vub.sk <nonstopbanking@vub.sk>
Subject: Potvrdenie o zadaní prevodu (Slovak: "Confirmation of transfer submission")
Attachment: prevod_2005220k8YIBRr.pdf.img (contains "prevod_2005220k8YIBRr.exe")

GuLoader payload URL:
http://185.205.209.166/wext/n-bin_GuMUo43.bin
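The lure here is a container, not a document: the .img attachment is an ISO 9660 image (see the MIME type above), Windows 8 and later mount it on double-click, and until the November 2022 Windows updates files opened from such a mounted image did not inherit the Mark-of-the-Web. A mail gateway or triage script therefore wants to look inside the image without mounting it. The following is an added example, not code from the MalwareBazaar page or from abuse.ch: it walks the image's volume descriptor set from sector 16, lists the root directory in both the ISO 9660 and Joliet (UCS-2) name spaces, and applies the two checks this report suggests, a double extension on the attachment name (.pdf.img) and an executable inside the image. The image it parses is constructed in build_sample_image() to mirror the layout described above; the payload file name is the one abuse_ch reports, but the bytes are not the real sample. Assumptions: only the root directory is walked, Rock Ridge names are not decoded, and the executable-extension list is the author's own.

```python
"""Enumerate the root directory of an ISO 9660 / Joliet image without mounting it,
and flag the malspam pattern seen here: a double-extension .img carrying an executable."""
import struct

SECTOR = 2048
# Extensions treated as executable content (this list is an assumption, extend as needed).
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk", ".msi", ".ps1", ".hta"}


def _dir_record(name: bytes, extent: int, size: int, is_dir: bool) -> bytes:
    """ECMA-119 9.1 directory record; both-endian fields are written little then big."""
    body = bytearray(b"\x00")                                      # extended attribute record length
    body += struct.pack("<I", extent) + struct.pack(">I", extent)  # location of extent (LBA)
    body += struct.pack("<I", size) + struct.pack(">I", size)      # data length in bytes
    body += b"\x00" * 7                                            # recording date/time (zeroed in this constructed image)
    body += bytes([0x02 if is_dir else 0x00])                      # file flags: bit 1 = directory
    body += b"\x00\x00"                                            # file unit size, interleave gap
    body += struct.pack("<H", 1) + struct.pack(">H", 1)            # volume sequence number
    body += bytes([len(name)]) + name
    if len(name) % 2 == 0:
        body += b"\x00"                                            # pad so the record length is even
    return bytes([len(body) + 1]) + bytes(body)


def _volume_descriptor(vtype: int, root: bytes, escape: bytes = b"") -> bytes:
    vd = bytearray(SECTOR)
    vd[0], vd[1:6], vd[6] = vtype, b"CD001", 1                      # type, standard identifier, version
    vd[88:88 + len(escape)] = escape                               # Joliet escape sequence lives at offset 88
    vd[156:190] = root                                             # 34-byte root directory record
    return bytes(vd)


def build_sample_image(payload_name: str = "prevod_2005220k8YIBRr.exe") -> bytes:
    """Constructed test image (not the real sample): ISO 9660 names at sector 19, Joliet names at sector 20."""
    def directory(lba: int, file_name: bytes) -> bytes:
        recs = _dir_record(b"\x00", lba, SECTOR, True) + _dir_record(b"\x01", lba, SECTOR, True)  # "." and ".."
        recs += _dir_record(file_name, 21, 0, False)               # payload extent lies outside this toy image
        return recs.ljust(SECTOR, b"\x00")
    pvd = _volume_descriptor(1, _dir_record(b"\x00", 19, SECTOR, True))
    svd = _volume_descriptor(2, _dir_record(b"\x00", 20, SECTOR, True), b"%/E")  # %/E = UCS-2 level 3
    term = _volume_descriptor(255, bytes(34))
    return (bytes(16 * SECTOR) + pvd + svd + term                  # 16 sectors of system area first
            + directory(19, b"PREVOD.EXE;1")
            + directory(20, (payload_name + ";1").encode("utf-16-be")))


def _read_root(image: bytes, root: bytes, encoding: str) -> list[str]:
    extent = struct.unpack_from("<I", root, 2)[0]
    size = struct.unpack_from("<I", root, 10)[0]
    data = image[extent * SECTOR:extent * SECTOR + size]
    names, pos = [], 0
    while pos < len(data):
        rec_len = data[pos]
        if rec_len == 0:                                           # zero fill: records never straddle a sector
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        rec = data[pos:pos + rec_len]
        raw = rec[33:33 + rec[32]]
        pos += rec_len
        if raw in (b"\x00", b"\x01"):                              # skip "." and ".."
            continue
        name = raw.decode(encoding)
        if not rec[25] & 0x02:                                     # files carry a ";version" suffix
            name = name.rsplit(";", 1)[0]
        names.append(name)
    return names


def list_root_names(image: bytes) -> dict[str, list[str]]:
    """Walk the volume descriptor set from sector 16 and list root entries per name space."""
    out, lba = {}, 16
    while True:
        vd = image[lba * SECTOR:(lba + 1) * SECTOR]
        if len(vd) < SECTOR or vd[1:6] != b"CD001":
            raise ValueError(f"no ISO 9660 volume descriptor at sector {lba}")
        if vd[0] == 255:                                           # volume descriptor set terminator
            return out
        if vd[0] == 1:
            out["iso9660"] = _read_root(image, vd[156:190], "ascii")
        elif vd[0] == 2 and vd[88:91] in (b"%/@", b"%/C", b"%/E"):
            out["joliet"] = _read_root(image, vd[156:190], "utf-16-be")
        lba += 1


def triage_attachment(attachment_name: str, image: bytes) -> dict:
    """Flag a double-extension container name plus any executable in the image root."""
    names = list_root_names(image)
    visible = names.get("joliet") or names.get("iso9660", [])     # Windows shows Joliet names when present
    parts = attachment_name.lower().split(".")
    return {
        "double_extension": len(parts) >= 3,                       # e.g. "x.pdf.img"
        "executables": [n for n in visible if "." in n and "." + n.rsplit(".", 1)[1].lower() in EXEC_EXT],
    }


if __name__ == "__main__":
    print(triage_attachment("prevod_2005220k8YIBRr.pdf.img", build_sample_image()))
```

Running it against the constructed image reports both indicators for this attachment name. Against a real .img, feed the attachment bytes to triage_attachment() directly; the Joliet listing is the one to trust for what the victim sees, since the ISO 9660 name space is limited to 8.3 uppercase names and would show the payload only as PREVOD.EXE.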

Intelligence

File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-05-26 00:57:35 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 14 of 30 (46.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    img ab1fe9d087acfb65960bb55c715912a6cf8fc41c89f87f660b1e856429729083 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
