MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cf50f1a34913494fedbeb681e91f58d761522878e7d06bd92fd61bbe790031a7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: cf50f1a34913494fedbeb681e91f58d761522878e7d06bd92fd61bbe790031a7
SHA3-384 hash: bcf08d6e87396a3ed3ec751fbec15340c921a2d0919210103176970bc5ffc72ac826df4aaf6b91c9ec4097c533421393
SHA1 hash: f629e42206b47c23360813b8e5a9e367b8f77c2c
MD5 hash: e2938c9ba901f389e7f0fdf4e5002a42
humanhash: monkey-butter-undress-princess
File name: HYUNDAI MASS QUARANTREAT PROJECT.dwg.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-27 16:46:30 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:OxIdH/Ybj0r7k9dWyGixpO80ugtFZt+d6rvGaqc608CJApE:Owm02/kF
TLSH: A345F91375944CB6E835CFB10DB1A9B61D33BD2A7A214F13714DBB4E1B36ECA169032A
Reporter: abuse_ch
Tags: geo GuLoader img KOR


abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm33.hanmail.net
Sending IP: 203.133.180.217
From: 로이 유 <samhwasw@hanmail.net>
Subject: 견적요청의 件:HYUNDAI MASS QUARANTREAT PROJECT (Korean, roughly "Re: request for quotation: HYUNDAI MASS QUARANTREAT PROJECT")
Attachment: HYUNDAI MASS QUARANTREAT PROJECT.dwg.img (contains "list.dwg.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1yvUmndXHYJrqZqDiKZLk5dL77lP5AUUd

Intelligence

File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Geniso
Status: Malicious
First seen: 2020-05-28 03:54:42 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 15 of 30 (50.00%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery chain: Malspam -> GuLoader (img cf50f1a34913494fedbeb681e91f58d761522878e7d06bd92fd61bbe790031a7, this sample) -> Dropping -> GuLoader
Delivery method: Distributed via e-mail attachment

Comments