MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ebd89ad32a8eb7b4acb5525539791866e577c727fafe83ddd297ae5b131f3bf6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: ebd89ad32a8eb7b4acb5525539791866e577c727fafe83ddd297ae5b131f3bf6
SHA3-384 hash: b5736f0b4c2d02357031978257b7d6d243cb9ac13a1bc67d5e8e20e388c465fe681d0c62728be9e318b67ef912cb148e
SHA1 hash: 696de6215cefb7a7aa207cee03ec14c09957d814
MD5 hash: 6d9dc7f353f7dd47701e253b885c4d59
humanhash: texas-cardinal-cola-kilo
File name: DOC24052020.img
Signature: GuLoader
File size: 163'840 bytes
First seen: 2020-05-25 13:24:07 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:MWMT6BvU3pkT9vtAdSwHSkGPGmLrMix2d8jOE:MWci83yQniGmLgM5d
TLSH: 7EF3E95379C8ECA1ED418FB25AE24DA94D22BD251C510F07395FB76D6B336C12BB032A
Reporter: abuse_ch
Tags: DHL, geo, GuLoader, img, KOR


abuse_ch
Malspam distributing GuLoader:

HELO: cer.pulapint.nl
Sending IP: 134.122.111.238
From: DHL Korea <info@clinton.org>
Reply-To: kodak3399@protonmail.com
Subject: (DHL) 글로벌 문서 도착/주소 확인
Attachment: DOC24052020.img (contains "DOC24052020.exe")

GuLoader payload URL:
https://noirrealtysolution.com/ad/asd/bin_keNInZ155.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Grp
Status: Malicious
First seen: 2020-05-25 13:05:22 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 13 of 30 (43.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    img ebd89ad32a8eb7b4acb5525539791866e577c727fafe83ddd297ae5b131f3bf6 (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
