MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ae4221eb51699a4cf17f425e8ade77c5cf2bb0c1b283cd4f51421acf462a4294. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 2

SHA256 hash: ae4221eb51699a4cf17f425e8ade77c5cf2bb0c1b283cd4f51421acf462a4294
SHA3-384 hash: 9bf501e314ad4cb1d5379a3aafb330a0bcec74d7f1c65b390120244671dd31005dfdec0f8dcab174a06460955791377d
SHA1 hash: 2dc4be13bfa67ac6d325e9bd6f9d9bb3fab2629f
MD5 hash: 74386b484918b0adf465932f68772c31
humanhash: six-lactose-chicken-london
File name: file.lzh
Signature: GuLoader
File size: 27'172 bytes
First seen: 2020-05-26 07:31:16 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 384:m8FnKAc6gAi8aW+7J3tjc+s/686r4sncg70zPaIlF+lW6Qu6f:5Iv6Di8aLtjZg6869cJ7HlKW/f
TLSH: 5EC2F1DE10A112D51D1D9EF203C0DD89E2C72CDAB4176B6C7DAC99CCCA35ACB1B92982
Reporter: abuse_ch
Tags: geo, GuLoader, KOR, lzh

abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm81.hanmail.net
Sending IP: 211.231.106.156
From: UTITECH <hhsm1015@daum.net>
Subject: 유티아이테크-발주서 송부의건
Attachment: file.lzh (contains "file.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=809F316B561D99CA&resid=809F316B561D99CA%21156&authkey=AAcCJtFdwbo1Azc

Intelligence

File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-25 12:32:36 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 12 of 47 (25.53%)
Threat level: 2/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
  rar ae4221eb51699a4cf17f425e8ade77c5cf2bb0c1b283cd4f51421acf462a4294 (this sample)
    Dropping: GuLoader

Delivery method: Distributed via e-mail attachment