MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ba7a924703a5105c982b8da16704ee7e22357359fc0ce075f4a8cd80249f1379. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 2



SHA256 hash: ba7a924703a5105c982b8da16704ee7e22357359fc0ce075f4a8cd80249f1379
SHA3-384 hash: af96e122154f7da001ce3bb6874fc5b2d85bb7511753bf52496f5367c04aa944693da95345a8b3d47958383d38c89f31
SHA1 hash: 8df4c0b423114cc5aa1635484cd9218845cdadc0
MD5 hash: fd1bbe41e42327d49fa1abe090a07ce7
humanhash: zulu-juliet-hamper-saturn
File name: DHL_DOCUMENT_KR.img
Signature: GuLoader
File size: 143,360 bytes
First seen: 2020-05-22 09:46:37 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:kp1pgPVpGG1gGt+HMA08uDq/NktZi4P8PL8FZoUqZUOYCfYzEjpyiaSKn5Rf1VWW:j+PytV8T/UOYCfYzgpyyK5RfL
TLSH: 31E32A29B654ECE4CE044EB18EA88AD445AFBC715D058F0B3ADD3B6C2B3B542AD6131D
Reporter: abuse_ch
Tags: DHL, geo, GuLoader, img, KOR


abuse_ch
Malspam distributing GuLoader:

HELO: poc.creationfinancial.co.uk
Sending IP: 178.62.94.186
From: DHL Korea <info@careoption.net>
Reply-To: kodak3399@protonmail.com
Subject: (Dhl korea) 글로벌 문서 도착/주소 확인 (Korean: "Global document arrival / address confirmation")
Attachment: DHL_DOCUMENT_KR.img (contains "DHL_DOCUMENT_PDF.exe")

GuLoader payload URL:
https://noirrealtysolution.com/ad/bin_BJUiS152.bin
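
The attachment in the report above is an ISO 9660 disk image (.img) wrapping an executable with a document-style name, a common trick for getting an EXE past attachment filters that only look at the outer file. As an added example, not part of the MalwareBazaar entry or the reporter's comment, the Python below lists the contents of such an image without mounting it, flags executables hiding behind document-looking names, and carves the embedded file out so it can be hashed and looked up. It reads only the primary volume descriptor (no Joliet or Rock Ridge long-name extensions) and assumes 2048-byte logical blocks. The image it parses is built in memory as a constructed stand-in that reuses the filename from the report; it is not the real sample. EXECUTABLE_EXTS and LURE_WORDS are assumptions, not MalwareBazaar's classification rules.

```python
"""Inspect an ISO 9660 e-mail attachment (.img/.iso) without mounting it.

Added example, not MalwareBazaar code. Reads only the primary volume descriptor
(no Joliet/Rock Ridge) and assumes 2048-byte logical blocks.
"""
import hashlib
import struct

SECTOR = 2048
# Assumption: extensions that have no business inside a "document" disk image.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "dll", "cpl", "bat", "cmd",
                   "js", "jse", "vbs", "vbe", "wsf", "hta", "lnk", "msi", "ps1"}
LURE_WORDS = ("PDF", "DOC", "INVOICE", "DOCUMENT", "SHIPMENT")   # assumption


def list_files(image: bytes):
    """Return [(path, lba, size)] for every regular file in the image."""
    pvd = image[16 * SECTOR:17 * SECTOR]
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no ISO 9660 primary volume descriptor at sector 16")
    block = struct.unpack_from("<H", pvd, 128)[0]      # logical block size
    root_lba = struct.unpack_from("<I", pvd, 158)[0]   # root dir record starts at byte 156
    root_len = struct.unpack_from("<I", pvd, 166)[0]
    return _walk(image, root_lba, root_len, block, "")


def _walk(image, lba, size, block, path):
    """Iterate one directory's records, recursing into subdirectories."""
    data = image[lba * block:lba * block + size]
    out, off = [], 0
    while off + 33 <= len(data):
        rec_len = data[off]
        if rec_len == 0:                      # zero padding: records never span a sector
            off = (off // block + 1) * block
            continue
        extent = struct.unpack_from("<I", data, off + 2)[0]   # LE half of both-endian field
        length = struct.unpack_from("<I", data, off + 10)[0]
        flags = data[off + 25]
        name_len = data[off + 32]
        ident = data[off + 33:off + 33 + name_len]
        off += rec_len
        if ident in (b"\x00", b"\x01"):       # "." and ".." entries
            continue
        name = ident.decode("ascii", "replace").split(";")[0]  # drop ";1" version suffix
        full = f"{path}/{name}"
        if flags & 0x02:                      # directory flag
            out.extend(_walk(image, extent, length, block, full))
        else:
            out.append((full, extent, length))
    return out


def extract(image: bytes, entry) -> bytes:
    """Carve one file returned by list_files out of the image (2048-byte blocks assumed)."""
    _, lba, size = entry
    return image[lba * SECTOR:lba * SECTOR + size]


def suspicious(entries):
    """[(path, ext, lure)]: executables, and whether the name also imitates a document."""
    hits = []
    for path, _, _ in entries:
        name = path.rsplit("/", 1)[-1]
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in EXECUTABLE_EXTS:
            hits.append((path, ext, any(w in name.upper() for w in LURE_WORDS)))
    return hits


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# --- constructed sample image (a stand-in, not the real DHL_DOCUMENT_KR.img) ---
def _both32(v): return struct.pack("<I", v) + struct.pack(">I", v)
def _both16(v): return struct.pack("<H", v) + struct.pack(">H", v)


def _record(name: str, extent: int, size: int, is_dir: bool) -> bytes:
    ident = name.encode("ascii")
    rec = bytearray([0, 0]) + _both32(extent) + _both32(size) + bytes(7)  # len, xattr, extent, size, date
    rec += bytes([0x02 if is_dir else 0, 0, 0]) + _both16(1) + bytes([len(ident)]) + ident
    if len(ident) % 2 == 0:
        rec += b"\x00"                        # records are padded to an even length
    rec[0] = len(rec)
    return bytes(rec)


def build_image(files) -> bytes:
    """Minimal ISO 9660 image: PVD @16, terminator @17, root dir @18, file data @19+."""
    root_lba, lba, entries = 18, 19, []
    for name, data in files:
        entries.append((name, lba, data))
        lba += max(1, -(-len(data) // SECTOR))
    root = _record("\x00", root_lba, SECTOR, True) + _record("\x01", root_lba, SECTOR, True)
    root += b"".join(_record(n, l, len(d), False) for n, l, d in entries)
    pvd = bytearray(SECTOR)
    pvd[0], pvd[1:6], pvd[6] = 1, b"CD001", 1
    pvd[80:88] = _both32(lba)                 # volume space size in blocks
    pvd[120:124], pvd[124:128], pvd[128:132] = _both16(1), _both16(1), _both16(SECTOR)
    pvd[156:190] = _record("\x00", root_lba, SECTOR, True)
    term = bytearray(SECTOR)
    term[0], term[1:6], term[6] = 255, b"CD001", 1
    img = bytearray(16 * SECTOR) + pvd + term + root.ljust(SECTOR, b"\x00")
    for _, _, d in entries:
        img += d.ljust(max(1, -(-len(d) // SECTOR)) * SECTOR, b"\x00")
    return bytes(img)


SAMPLE_PAYLOAD = b"MZ" + bytes(298)           # constructed stand-in for DHL_DOCUMENT_PDF.exe
SAMPLE_IMAGE = build_image([("DHL_DOCUMENT_PDF.exe;1", SAMPLE_PAYLOAD), ("README.TXT;1", b"hello")])

if __name__ == "__main__":
    files = list_files(SAMPLE_IMAGE)
    for entry in files:
        print(f"{entry[0]:28} lba={entry[1]} size={entry[2]} sha256={sha256_hex(extract(SAMPLE_IMAGE, entry))}")
    for path, ext, lure in suspicious(files):
        print(f"SUSPICIOUS: {path} is a .{ext}" + (" with a document-style name" if lure else ""))
```

Against a real attachment, call list_files(open(path, "rb").read()), carve each hit with extract, and query MalwareBazaar for the sha256_hex of the carved bytes; the inner file's hash, not the image's, is what other sandboxes and feeds will have indexed. Images built with Joliet keep long names only in the supplementary (type 2) descriptor, so if names come back truncated or in 8.3 form, extend the reader to walk descriptors from sector 17 onward until the type 255 terminator.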

Intelligence

File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-22 11:06:44 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 12 of 31 (38.71%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    img ba7a924703a5105c982b8da16704ee7e22357359fc0ce075f4a8cd80249f1379 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment
