MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c9f2f2fc79dd24031077643b4715ea83c021f2ded837c68f426ce78b2dcf254c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 2



SHA256 hash: c9f2f2fc79dd24031077643b4715ea83c021f2ded837c68f426ce78b2dcf254c
SHA3-384 hash: 4d88632a1133303f999deaae65ab6f4d4236ad90bfe9493f790f2106417930683c82b07910f6bd169b11878cc222200c
SHA1 hash: 90f5017bbb77ee5b09c2e8602ea693421f7f183f
MD5 hash: a29fa790932e18f2ddbec34a84abe15a
humanhash: queen-alaska-johnny-sixteen
File name: file.xls.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-22 09:54:50 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:SOC0wu7eg3eGbZJwaAfMrWjUOn0le9mlVCEY8pwG0CNClil729NG5ncvx:TjwiuwZSDJAe9VEY8p0CNj72H/p
TLSH: 29450934F5A0EE42DA4D45F11E276B291427FCB529990AC3B2CF7B1C2B325C29A7135E
Reporter: abuse_ch
Tags: geo GuLoader img KOR


abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm37.hanmail.net
Sending IP: 203.133.180.225
From: 이용종 <ogd7528@hanmail.net>
Subject: 첨부도면 견적요청 드립니다.(한석이엔지 입니다.) [English: "Requesting a quotation for the attached drawings. (This is Hanseok ENG.)"]
Attachment: file.xls.img (contains "20200522_wj3.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1Bj4Pk98k6226AN6WvT5V8g8bLwo9zUcc
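
The attachment in the report above is an ISO 9660 image (MIME type application/x-iso9660-image) named to look like a spreadsheet while carrying an executable; Windows mounts such images on double-click, and many mail filters inspect the outer container only. The script below is an added triage example, not code from MalwareBazaar or from the reporter: it reads the primary volume descriptor and root directory of an ISO image, marks entries whose content starts with the PE "MZ" magic, and flags the document-on-disk-image double extension. The image it parses is a minimal one constructed inside the script (the identifier, the MZ stub and the README entry are assumptions; it is not the sample hashed above). Only the primary directory is walked; Joliet/Rock Ridge names and subdirectories are ignored.

```python
from __future__ import annotations

import os

# Added example (not MalwareBazaar code): minimal ISO 9660 root-directory walker
# for triaging .img/.iso mail attachments like the one reported above.
SECTOR = 2048
PVD_LBA = 16

# Disk-image containers that Windows auto-mounts, and document extensions an
# attacker borrows for a double-extension lure such as "file.xls.img".
IMAGE_CONTAINERS = {".img", ".iso", ".vhd", ".vhdx"}
DOCUMENT_LOOKALIKES = {".xls", ".xlsx", ".doc", ".docx", ".pdf", ".ppt", ".pptx"}


def _both_endian(value: int, size: int) -> bytes:
    """ISO 9660 stores integers twice: little-endian then big-endian."""
    return value.to_bytes(size, "little") + value.to_bytes(size, "big")


def _dir_record(extent_lba: int, data_len: int, flags: int, ident: bytes) -> bytes:
    """Encode one ISO 9660 directory record (ECMA-119, section 9.1)."""
    body = bytearray(b"\x00")               # extended attribute record length
    body += _both_endian(extent_lba, 4)     # extent location (LBA)
    body += _both_endian(data_len, 4)       # data length in bytes
    body += b"\x00" * 7                     # recording date and time (unused here)
    body += bytes([flags])                  # file flags; bit 1 set = directory
    body += b"\x00\x00"                     # file unit size, interleave gap
    body += _both_endian(1, 2)              # volume sequence number
    body += bytes([len(ident)]) + ident     # identifier length + identifier
    if len(ident) % 2 == 0:
        body += b"\x00"                     # pad so the record length is even
    return bytes([len(body) + 1]) + bytes(body)


def build_constructed_iso(files: dict[bytes, bytes]) -> bytes:
    """Build a minimal flat ISO 9660 image (constructed test data, not the real
    sample). LBA 0-15 system area, 16 PVD, 17 terminator, 18 root directory,
    19+ file contents. Path tables are omitted; the walker below ignores them."""
    root_lba, next_lba = 18, 19
    records = bytearray()
    records += _dir_record(root_lba, SECTOR, 0x02, b"\x00")   # "."
    records += _dir_record(root_lba, SECTOR, 0x02, b"\x01")   # ".."
    data = bytearray()
    for ident, content in files.items():
        sectors = max(1, -(-len(content) // SECTOR))
        records += _dir_record(next_lba, len(content), 0x00, ident)
        data += content.ljust(sectors * SECTOR, b"\x00")
        next_lba += sectors
    pvd = bytearray(SECTOR)
    pvd[0], pvd[1:6], pvd[6] = 1, b"CD001", 1               # type 1 = primary
    pvd[156:190] = _dir_record(root_lba, SECTOR, 0x02, b"\x00")
    terminator = bytearray(SECTOR)
    terminator[0], terminator[1:6], terminator[6] = 255, b"CD001", 1
    return (bytes(16 * SECTOR) + bytes(pvd) + bytes(terminator)
            + bytes(records).ljust(SECTOR, b"\x00") + bytes(data))


def list_iso_root(image: bytes) -> list[dict]:
    """Return the root-directory entries of an ISO image, marking PE content."""
    pvd = image[PVD_LBA * SECTOR:(PVD_LBA + 1) * SECTOR]
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("not an ISO 9660 image: no primary volume descriptor")
    root = pvd[156:190]                      # root directory record inside the PVD
    root_lba = int.from_bytes(root[2:6], "little")
    root_len = int.from_bytes(root[10:14], "little")
    directory = image[root_lba * SECTOR:root_lba * SECTOR + root_len]
    entries, pos = [], 0
    while pos < len(directory):
        rec_len = directory[pos]
        if rec_len == 0:
            # Records never cross a sector; a zero length byte means padding.
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        rec = directory[pos:pos + rec_len]
        pos += rec_len
        ident = rec[33:33 + rec[32]]
        if ident in (b"\x00", b"\x01"):      # "." and ".."
            continue
        extent = int.from_bytes(rec[2:6], "little")
        size = int.from_bytes(rec[10:14], "little")
        content = image[extent * SECTOR:extent * SECTOR + size]
        entries.append({
            "name": ident.decode("ascii", "replace").split(";")[0],  # drop ";1"
            "size": size,
            "is_dir": bool(rec[25] & 0x02),
            "is_pe": content[:2] == b"MZ",
        })
    return entries


def triage_attachment(filename: str, image: bytes) -> dict:
    """Flag a document-looking double extension on a disk image and any PE inside."""
    stem, outer = os.path.splitext(filename.lower())
    inner = os.path.splitext(stem)[1]
    findings = []
    if outer in IMAGE_CONTAINERS and inner in DOCUMENT_LOOKALIKES:
        findings.append(f"double extension: {filename} is a {outer} image posing as {inner}")
    entries = list_iso_root(image)
    for entry in entries:
        if entry["is_pe"]:
            findings.append(f"PE executable inside image: {entry['name']} ({entry['size']} bytes)")
    return {"entries": entries, "findings": findings, "suspicious": bool(findings)}


# Constructed content: an MZ stub (not a real PE) plus a benign text file. The
# upper-case identifiers carry the ";1" version suffix of the primary directory.
SAMPLE_FILES = {
    b"20200522_WJ3.EXE;1": b"MZ" + b"\x00" * 126,
    b"README.TXT;1": b"constructed benign content\n",
}

if __name__ == "__main__":
    result = triage_attachment("file.xls.img", build_constructed_iso(SAMPLE_FILES))
    for finding in result["findings"]:
        print("SUSPICIOUS:", finding)
```

Against the constructed image the script reports both tells: the .xls.img double extension and the MZ-prefixed entry. On a real attachment, pass the raw file bytes to triage_attachment; hashing the extracted entry and checking it against MalwareBazaar would be the next step.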

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-22 10:37:14 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 15 of 31 (48.39%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam -> GuLoader -> img c9f2f2fc79dd24031077643b4715ea83c021f2ded837c68f426ce78b2dcf254c (this sample) -> Dropping GuLoader

Delivery method: Distributed via e-mail attachment