MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dc0ff90fa86cf8c4d22b49ba8989bba45b768ac971b83bc64deea1f0508e5f7b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2



SHA256 hash: dc0ff90fa86cf8c4d22b49ba8989bba45b768ac971b83bc64deea1f0508e5f7b
SHA3-384 hash: c6ff406a4c4852a768cd8d87ba0c40d54e47738e9b64f925c556bd1b7faa4902df51dc2a92bd406e449763fda4d82fcc
SHA1 hash: 9f276f48b1a19860239df601a07f0f5cccc2f54f
MD5 hash: cd92439e6d4ce89dc4b4ffb1148e83ab
humanhash: texas-beryllium-harry-arizona
File name: prevod_2005220k8YIBR.pdf.img
Signature: GuLoader
File size: 1,245,184 bytes
First seen: 2020-05-26 07:38:26 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:c+LUUS15gSXt9xpc18KhF3h9CoYihDVZwRm3NvY:ZyC8KhH9CoYihhC
TLSH: CE45E702B9D8EC81EC162EB01FD55A704E22BD216D526F03B58FBB0E6F765D12FA1316
Reporter: abuse_ch
Tags: geo, GuLoader, img, SVK


abuse_ch
Malspam distributing GuLoader:

HELO: server.avrasyarulman.com
Sending IP: 185.239.237.91
From: nonstopbanking@vub.sk <nonstopbanking@vub.sk>
Subject: Potvrdenie o zadaní prevodu (Slovak: "Confirmation of transfer order")
Attachment: prevod_2005220k8YIBR.pdf.img (contains "prevod_2005220k8YIBR.exe")

GuLoader payload URL:
http://185.205.209.166/wext/n-bin_GuMUo43.bin
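The lure in the report above is a disk image with a double extension (.pdf.img) that carries a bare executable, which Windows mounts and presents as a drive when double-clicked. The following triage script is an added example written for this page, not code from MalwareBazaar or abuse_ch: it parses the ISO 9660 primary volume descriptor and root directory of an .img attachment, lists the files and their SHA256 hashes, and flags the two indicators visible here (double extension on the container, executable inside). The image it runs on is constructed inline by a minimal builder, with a fake MZ stub standing in for the real dropper; it reads only the primary descriptor, so Joliet or Rock Ridge names that real Windows-built images may also carry are not parsed.

```python
import hashlib
import struct

SECTOR = 2048  # ISO 9660 logical block size

# Extensions that should never appear inside an attachment posing as a PDF
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs",
                  ".js", ".jse", ".wsf", ".lnk", ".dll", ".ps1", ".hta"}


def _both(fmt_le, fmt_be, value):
    """ISO 9660 stores most integers twice: little-endian, then big-endian."""
    return struct.pack(fmt_le, value) + struct.pack(fmt_be, value)


def dir_record(name: bytes, lba: int, size: int, is_dir: bool) -> bytes:
    """Build one ISO 9660 directory record (ECMA-119 section 9.1)."""
    body = (
        b"\x00"                             # extended attribute record length
        + _both("<I", ">I", lba)            # extent location (logical block)
        + _both("<I", ">I", size)           # data length in bytes
        + bytes(7)                          # recording date/time (zeroed)
        + (b"\x02" if is_dir else b"\x00")  # file flags: bit 1 = directory
        + b"\x00\x00"                       # file unit size, interleave gap
        + _both("<H", ">H", 1)              # volume sequence number
        + bytes([len(name)]) + name         # identifier length + identifier
    )
    if len(name) % 2 == 0:
        body += b"\x00"                     # pad byte keeps the record length even
    return bytes([len(body) + 1]) + body    # leading byte = total record length


def build_iso(files: dict) -> bytes:
    """Constructed test image: PVD at sector 16, terminator at 17, root directory
    at 18, file data from sector 19. Primary descriptor only (no Joliet/Rock Ridge)."""
    root_lba, data_lba = 18, 19
    records = [dir_record(b"\x00", root_lba, SECTOR, True),    # "."
               dir_record(b"\x01", root_lba, SECTOR, True)]    # ".."
    data = b""
    for name, content in files.items():
        lba = data_lba + len(data) // SECTOR
        records.append(dir_record((name + ";1").encode("ascii"), lba, len(content), False))
        data += content.ljust(-(-len(content) // SECTOR) * SECTOR, b"\x00")
    root = b"".join(records).ljust(SECTOR, b"\x00")
    pvd = bytearray(SECTOR)
    pvd[0], pvd[1:6], pvd[6] = 1, b"CD001", 1                  # type 1 = primary
    pvd[40:72] = b"PREVOD".ljust(32)                           # volume identifier
    pvd[80:88] = _both("<I", ">I", data_lba + len(data) // SECTOR)  # volume space size
    pvd[120:124] = _both("<H", ">H", 1)                        # volume set size
    pvd[124:128] = _both("<H", ">H", 1)                        # volume sequence number
    pvd[128:132] = _both("<H", ">H", SECTOR)                   # logical block size
    pvd[156:190] = dir_record(b"\x00", root_lba, SECTOR, True)  # root directory record
    term = bytearray(SECTOR)
    term[0], term[1:6], term[6] = 255, b"CD001", 1             # descriptor set terminator
    return bytes(16 * SECTOR) + bytes(pvd) + bytes(term) + root + data


def list_iso_files(image: bytes) -> list:
    """Walk the root directory named by the primary volume descriptor and return
    (name, size, content) for every plain file."""
    pvd = image[16 * SECTOR:17 * SECTOR]
    if len(pvd) < 190 or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no ISO 9660 primary volume descriptor at sector 16")
    root_lba = struct.unpack_from("<I", pvd, 156 + 2)[0]
    root_len = struct.unpack_from("<I", pvd, 156 + 10)[0]
    directory = image[root_lba * SECTOR:root_lba * SECTOR + root_len]
    files, pos = [], 0
    while pos < len(directory):
        rec_len = directory[pos]
        if rec_len == 0:  # records never cross a sector boundary: skip to the next one
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        rec = directory[pos:pos + rec_len]
        pos += rec_len
        name = rec[33:33 + rec[32]]
        if rec[25] & 0x02 or name in (b"\x00", b"\x01"):
            continue  # directory entries, including "." and "..", are not carved
        lba = struct.unpack_from("<I", rec, 2)[0]
        size = struct.unpack_from("<I", rec, 10)[0]
        fname = name.decode("ascii", "replace").split(";")[0]  # drop the ";1" version
        files.append((fname, size, image[lba * SECTOR:lba * SECTOR + size]))
    return files


def triage(attachment_name: str, image: bytes) -> dict:
    """Flag the lure pattern seen in this entry: a double-extension container name
    and an executable (by extension or MZ header) inside the image."""
    findings = []
    if "." in attachment_name.rpartition(".")[0]:
        findings.append(f"double extension in attachment name: {attachment_name}")
    files = list_iso_files(image)
    for fname, size, content in files:
        ext = ("." + fname.rsplit(".", 1)[1].lower()) if "." in fname else ""
        if ext in EXECUTABLE_EXT:
            findings.append(f"executable extension inside image: {fname} ({size} bytes)")
        if content[:2] == b"MZ":
            findings.append(f"PE (MZ) header in {fname}")
    return {"files": [(f, s, hashlib.sha256(c).hexdigest()) for f, s, c in files],
            "findings": findings, "suspicious": bool(findings)}


if __name__ == "__main__":
    # Constructed stand-in for the real attachment: a fake MZ stub, not the actual dropper
    sample = build_iso({"prevod_2005220k8YIBR.exe": b"MZ" + bytes(62)})
    for line in triage("prevod_2005220k8YIBR.pdf.img", sample)["findings"]:
        print(line)
```

On a real attachment, replace the constructed image with the file bytes and compare the SHA256 of each carved file against MalwareBazaar; a clean PDF delivered as .img is itself unusual enough to warrant a block at the mail gateway, since the container format exists only to bypass attachment filtering and the Mark-of-the-Web.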

Intelligence


File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-26 08:51:06 UTC
File type: Binary (Archive)
Extracted files: 7
AV detection: 17 of 31 (54.84%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Signature: GuLoader
Sample: img dc0ff90fa86cf8c4d22b49ba8989bba45b768ac971b83bc64deea1f0508e5f7b (this sample), dropping GuLoader
Delivery method: Distributed via e-mail attachment

Comments