MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b2a3891804f4e887338dfdfdd16bed5576dc4f636575f3c0b2f8d09f47a516db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2



SHA256 hash: b2a3891804f4e887338dfdfdd16bed5576dc4f636575f3c0b2f8d09f47a516db
SHA3-384 hash: 0c9103de8c8481ed3d51ad0d50b8f1a577a6bb80560a917271347d1ad91f7c9212477ab883c935f07d9a3f071eda28aa
SHA1 hash: 60cbb10a21e6c7cd4f65ba6a94cadd678ea9205f
MD5 hash: 50f729b42344e83eb7b3b9e0eb77ef37
humanhash: carbon-romeo-orange-colorado
File name: RFQ Aramco-6201083878-PO4506089438 AIR COOLERS-ACHE.img
Download: download sample
Signature: GuLoader
File size: 147'456 bytes
First seen: 2020-05-27 13:00:34 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:sp1pGZDTWdUOD5ucMN1F006Caas0mKZq91FaK+jI5B7f2Q3xGmrYfYUhWb/KASnl:jKdUOUm0CHKQ9yInifYUhWb/KASl
TLSH: 51E307237DA44DA1F90045B2DCA3C6EE259B6C225C415F0BF08C3E1E5777786EEA6326
Reporter: abuse_ch
Tags: GuLoader img


abuse_ch
Malspam distributing GuLoader:

HELO: reg.freeman-solicitors.co.uk
Sending IP: 134.209.97.118
From: Takuro Taguchi <takuro.taguchi1@aramcoasia.com>
Reply-To: kateyoon.daewoonenc@protonmail.com
Subject: RFQ Aramco # 6201083878 / PO 4506089438 L & T Hydrocarbon Query on Air coolers (BCD: 3-JUN)
Attachment: RFQ Aramco-6201083878-PO4506089438 AIR COOLERS-ACHE.img (contains "FILE.exe")

GuLoader payload URL:
http://zed2020.webredirect.org/uploud/5bab0b1d864615bab0b1d864b3/bin_ybKSwpPkG60.bin
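The attachment the reporter describes is an ISO 9660 image (the entry's MIME type is application/x-iso9660-image) carrying an executable under a .img extension, so a gateway that keys on the extension or on ZIP signatures sees nothing to unpack. The script below is an added example for this entry, not MalwareBazaar's or the reporter's code: it builds a minimal ISO 9660 image in memory with a harmless constructed stand-in for "FILE.exe" (not the GuLoader payload), identifies the format from the CD001 volume-descriptor magic at offset 0x8001 rather than from the file name, walks the primary root directory, and flags entries that are executable by extension or carry an MZ header. The file name FILE.EXE, the volume label and the extension list are assumptions for the example.

```python
"""Inspect an ISO 9660 image carried as a mail attachment and flag embedded
executables.  Added example (not MalwareBazaar or reporter code); the image
built below is constructed inline with a harmless stand-in for "FILE.exe"."""
import struct

SECTOR = 2048
# Extensions Windows runs on double-click; an assumed list for this example.
EXEC_EXTS = {".exe", ".scr", ".dll", ".com", ".pif", ".bat", ".cmd", ".js",
             ".jse", ".vbs", ".vbe", ".hta", ".lnk", ".ps1", ".wsf"}


def _both_endian(value, width):
    """ISO 9660 stores integers little-endian followed by big-endian."""
    fmt = {2: "H", 4: "I"}[width]
    return struct.pack("<" + fmt, value) + struct.pack(">" + fmt, value)


def _dir_record(name, extent, size, is_dir):
    """One directory record (ECMA-119 9.1); total length is always even."""
    body = bytearray([0])                      # extended attribute length
    body += _both_endian(extent, 4)            # extent location (LBA)
    body += _both_endian(size, 4)              # data length in bytes
    body += bytes(7)                           # recording date and time
    body.append(0x02 if is_dir else 0x00)      # file flags (bit 1 = directory)
    body += bytes(2)                           # file unit size, interleave gap
    body += _both_endian(1, 2)                 # volume sequence number
    body.append(len(name))                     # file identifier length
    body += name
    if len(name) % 2 == 0:                     # padding byte keeps length even
        body.append(0)
    return bytes([len(body) + 1]) + bytes(body)


def build_sample_image(payload, name=b"FILE.EXE;1"):
    """Construct a minimal single-file ISO 9660 image entirely in memory."""
    root_lba, file_lba = 18, 19
    file_sectors = max(1, -(-len(payload) // SECTOR))
    img = bytearray(SECTOR * (file_lba + file_sectors))
    pvd = bytearray(SECTOR)                    # primary volume descriptor
    pvd[0:7] = b"\x01CD001\x01"                # type 1, magic, version
    pvd[40:72] = b"RFQ".ljust(32)              # volume identifier (constructed)
    pvd[128:132] = _both_endian(SECTOR, 2)     # logical block size
    pvd[156:190] = _dir_record(b"\x00", root_lba, SECTOR, True)
    img[16 * SECTOR:17 * SECTOR] = pvd
    img[17 * SECTOR:17 * SECTOR + 7] = b"\xffCD001\x01"   # set terminator
    root = (_dir_record(b"\x00", root_lba, SECTOR, True)   # "."
            + _dir_record(b"\x01", root_lba, SECTOR, True)  # ".."
            + _dir_record(name, file_lba, len(payload), False))
    img[root_lba * SECTOR:root_lba * SECTOR + len(root)] = root
    img[file_lba * SECTOR:file_lba * SECTOR + len(payload)] = payload
    return bytes(img)


def is_iso9660(data):
    """Content check a gateway should apply whatever the extension says."""
    return len(data) >= 17 * SECTOR and data[0x8001:0x8006] == b"CD001"


def list_root_files(data):
    """Return (name, size, first two bytes) for each file in the root directory."""
    if not is_iso9660(data):
        raise ValueError("not an ISO 9660 image")
    root = data[16 * SECTOR + 156:16 * SECTOR + 190]
    root_lba = struct.unpack_from("<I", root, 2)[0]
    root_size = struct.unpack_from("<I", root, 10)[0]
    directory = data[root_lba * SECTOR:root_lba * SECTOR + root_size]
    files, pos = [], 0
    while pos < len(directory):
        rec_len = directory[pos]
        if rec_len == 0:                       # records never span sectors
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        rec = directory[pos:pos + rec_len]
        if not rec[25] & 0x02:                 # skip directories, incl. . and ..
            extent = struct.unpack_from("<I", rec, 2)[0]
            size = struct.unpack_from("<I", rec, 10)[0]
            ident = rec[33:33 + rec[32]].decode("ascii", "replace")
            files.append((ident.split(";")[0], size,
                          data[extent * SECTOR:extent * SECTOR + 2]))
        pos += rec_len
    return files


def suspicious_attachments(data):
    """Root-level names that are executable by extension or carry an MZ header."""
    hits = []
    for name, _size, magic in list_root_files(data):
        ext = ("." + name.rsplit(".", 1)[1].lower()) if "." in name else ""
        if ext in EXEC_EXTS or magic == b"MZ":
            hits.append(name)
    return hits


if __name__ == "__main__":
    image = build_sample_image(b"MZ" + bytes(62) + b"PE\x00\x00" + b"\x90" * 100)
    print(is_iso9660(image), list_root_files(image), suspicious_attachments(image))
```

The detection deliberately checks both the extension and the MZ magic, because a PE renamed to a harmless-looking name still runs once the user double-clicks it after Windows auto-mounts the image. The walker reads only the primary root directory with 8.3 identifiers; real images with Joliet or Rock Ridge long names need the supplementary descriptor and subdirectory recursion as well.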

Intelligence

File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-27 12:11:24 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 13 of 30 (43.33%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
  img b2a3891804f4e887338dfdfdd16bed5576dc4f636575f3c0b2f8d09f47a516db (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments