MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b4f1f3b31a3cfeaaf66184d3ba3ae52d11e3c187719158a6e584d6eef53276b0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b4f1f3b31a3cfeaaf66184d3ba3ae52d11e3c187719158a6e584d6eef53276b0
SHA3-384 hash: 6f6c2ad6f555e870b7979fe98b92cdc958dbe96c5a27dfc4aea28f2eb079f986c57cc2a6438d8542a50445cbd00ae7c5
SHA1 hash: 5cd9bb69a1d199adbca2616cb995d2bd507199cb
MD5 hash: 24781258810e9c00466cdc3470eaf6df
humanhash: lemon-mexico-oxygen-hamper
File name:FB190937040108012PINQ20200604.lzh
Download: download sample
Signature GuLoader
Create hunting rule
File size:74'372 bytes
First seen:2020-06-04 06:01:44 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 1536:hPqey+ECFE40TDEg8FDGozYjkXyO4niWy3kLvhwLlSPBgBr6aOh0imr:Dy+E60HEggGoz7XJwhwLlcBaLiE
TLSH 007302B1649C6008073DB03AF4C626CF3E4D0276E34EE1B5BC1969FB1DB866119DF4A6
Reporter abuse_ch
Tags:geo GuLoader KOR lzh


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm28.hanmail.net
Sending IP: 203.133.180.210
From: (주) 딘 텍 <soosungtec@hanmail.net>
Subject: 긴급견적의뢰의 件
Attachment: FB190937040108012PINQ20200604.lzh (contains "FB190937040108012PINQ20200604.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=809F316B561D99CA&resid=809F316B561D99CA%21175&authkey=AHjVAhLb3L8b4LQ

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 03:16:10 UTC
AV detection:
13 of 31 (41.94%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wty7hmy2ht7kv5tbqtj3uoxffui6hqmhogivrjxfqtlo55jso2ya._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar b4f1f3b31a3cfeaaf66184d3ba3ae52d11e3c187719158a6e584d6eef53276b0

(this sample)

GuLoader

Executable exe eada1679af7a95d25610ffc78ad2d33978f71ca837ff809ff5331a9b1f77541b

  
URLhaus
https://urlhaus.abuse.ch/url/378994/
  
Dropping
MD5 b99e1f88ad1a941cee371340cf811b2c
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 eada1679af7a95d25610ffc78ad2d33978f71ca837ff809ff5331a9b1f77541b

Comments