MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e04103afb750a625530143905db4095fde8d79f4990573496441fc08f2e2a919. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: e04103afb750a625530143905db4095fde8d79f4990573496441fc08f2e2a919
SHA3-384 hash: 3a3a9f4dc05032c0748bf3191838cfba9b5fb4a667e6a42f4911f40464c89ca9a04d81eff11fe2a696e746f3eba74d46
SHA1 hash: 65d2c534b4e1dbe5e0223c4039fc19e343182fb4
MD5 hash: 7552ae3db2702e7705112d90b1b6f838
humanhash: jersey-emma-leopard-kilo
File name: file.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-12 15:44:44 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:pqM1MrY9iOIrrOrHIBpz39vyeHS1qfsV1o2YxGs7wzrhH5:+rOI7ztvyDq01Yxcj
TLSH: CD453903F7E0D532E2098AB25B2AA79405A7FCB01956894375CC7F1D3B76F93A92131B
Reporter: abuse_ch
Tags: geo GuLoader img KOR


abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm40.hanmail.net
Sending IP: 203.133.180.228
From: 이유빈 <yubin_1218@daum.net>
Subject: 발주서송부건
Attachment: file.img (contains "WJJ_quote.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-12 16:47:25 UTC
AV detection: 17 of 31 (54.84%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img e04103afb750a625530143905db4095fde8d79f4990573496441fc08f2e2a919 (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
