MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f1055935b94ea812f0366f4d3b5d05b3d58368f9a70432a348ad696739c59675. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 2



SHA256 hash: f1055935b94ea812f0366f4d3b5d05b3d58368f9a70432a348ad696739c59675
SHA3-384 hash: ac4eb89b9717491dd3024ae3704351d0a5f75c76f471e8b241d55ccfc335a7f13109eb5cd73d33cd49a9bcdce1fb40e9
SHA1 hash: ace907a03192d10d8516e53ddd3e3de70d46f925
MD5 hash: 8ec31f4fbaa25cdf88adbb44ae54b4ee
humanhash: stream-don-william-white
File name: file.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-27 17:14:57 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:YROSvEfa58porkDaNcAdGFo3HGRLxnW6yoPDXvrNS+G8j7/V6LmvCcek:69GpoVNcCGFo3mRfyoPDXDNS+tgy
TLSH: 98452865BA94EC91D94988F22A7747282A2BFC7914418B43B7CF3B1C3B339C1D622307
Reporter: abuse_ch
Tags: geo GuLoader img KOR


abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm80.hanmail.net
Sending IP: 211.231.106.155
From: 권용한 <hth0412@hanmail.net>
Subject: 발주서송부건 (Korean: "purchase order submission")
Attachment: file.img (contains "20200522_wj2.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=17IV_sFhtY4dPcv7rF-v09qDLrucCeAbC
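The attachment above is an ISO 9660 disk image carrying an executable, a common trick because Windows mounts a double-clicked .img as a drive letter and the payload inside never gets the Mark-of-the-Web. The following is an added example, not MalwareBazaar's or abuse.ch's code, showing how to enumerate such an image from a mail gateway or triage script without mounting it: it reads the primary volume descriptor, walks the root directory records and flags entries that would execute as native code, either by extension or by an `MZ` header hiding behind a harmless-looking name. The image it inspects is constructed in memory from a short file list; the real file.img is not reproduced, and the identifier `20200522_WJ2.EXE` is the page's `20200522_wj2.exe` in the uppercase form ISO 9660 level 1 requires. The extension shortlist is an assumption.

```python
"""Added example, not MalwareBazaar's or abuse.ch's code: list the files inside an
ISO 9660 .img mail attachment without mounting it, and flag entries that would run
as native code. The image is constructed in memory; the real file.img is not used."""
import struct

SECTOR = 2048
FLAG_DIRECTORY = 0x02  # directory-record file-flags bit: entry is a directory
# Assumption: a practical shortlist of extensions Windows executes on double-click.
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk", ".dll"}

def _both_endian(value, width):
    """ISO 9660 stores numeric fields twice: little-endian, then big-endian."""
    fmt = {2: "H", 4: "I"}[width]
    return struct.pack("<" + fmt, value) + struct.pack(">" + fmt, value)

def _directory_record(extent_lba, size, ident, flags=0):
    """Build one directory record (ECMA-119 section 9.1); ident is bytes."""
    body = (b"\x00"                        # extended attribute record length
            + _both_endian(extent_lba, 4)  # location of extent (LBA)
            + _both_endian(size, 4)        # data length in bytes
            + bytes(7)                     # recording date/time (unused here)
            + bytes([flags]) + b"\x00\x00" # file flags, file unit size, interleave gap
            + _both_endian(1, 2)           # volume sequence number
            + bytes([len(ident)]) + ident)
    if len(ident) % 2 == 0:                # pad so the record length stays even
        body += b"\x00"
    return bytes([len(body) + 1]) + body

def build_iso(files):
    """Constructed image: PVD at LBA 16, terminator at 17, root directory at 18, data from 19."""
    root_lba, next_lba = 18, 19
    root_rec = _directory_record(root_lba, SECTOR, b"\x00", FLAG_DIRECTORY)
    records = root_rec + _directory_record(root_lba, SECTOR, b"\x01", FLAG_DIRECTORY)
    data = b""
    for name, content in files.items():
        records += _directory_record(next_lba, len(content), (name + ";1").encode("ascii"))
        padded = (content + bytes(-len(content) % SECTOR)) or bytes(SECTOR)
        data += padded
        next_lba += len(padded) // SECTOR
    pvd = bytearray(SECTOR)
    pvd[0], pvd[1:6], pvd[6] = 1, b"CD001", 1       # type 1 = primary volume descriptor
    pvd[128:132] = _both_endian(SECTOR, 2)          # logical block size
    pvd[156:190] = root_rec                          # root directory record
    term = bytearray(SECTOR)
    term[0], term[1:6], term[6] = 255, b"CD001", 1   # volume descriptor set terminator
    return bytes(16 * SECTOR) + bytes(pvd) + bytes(term) + records.ljust(SECTOR, b"\x00") + data

def _read_record(buf, off):
    """Parse the directory record at buf[off:]; (None, 0) marks end-of-sector padding."""
    length = buf[off]
    if length == 0:
        return None, 0
    id_len = buf[off + 32]
    return {"extent": struct.unpack_from("<I", buf, off + 2)[0],
            "size": struct.unpack_from("<I", buf, off + 10)[0],
            "flags": buf[off + 25], "ident": bytes(buf[off + 33:off + 33 + id_len])}, length

def list_iso_files(image):
    """Walk the root directory; return (name, size, data) for each entry."""
    pvd = image[16 * SECTOR:17 * SECTOR]
    if pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("not an ISO 9660 image: no primary volume descriptor")
    root, _ = _read_record(pvd, 156)
    base, off, entries = root["extent"] * SECTOR, 0, []
    while off < root["size"]:
        rec, length = _read_record(image, base + off)
        if rec is None:                          # records never span sectors: skip ahead
            off = (off // SECTOR + 1) * SECTOR
            continue
        off += length
        if rec["ident"] in (b"\x00", b"\x01"):   # "." and ".." entries
            continue
        name = rec["ident"].decode("ascii", "replace").split(";")[0]  # drop ";1" version
        if rec["flags"] & FLAG_DIRECTORY:
            entries.append((name + "/", rec["size"], b""))
        else:
            start = rec["extent"] * SECTOR
            entries.append((name, rec["size"], image[start:start + rec["size"]]))
    return entries

def triage_attachment(image):
    """Names of entries that run as native code: executable extension or an MZ header."""
    flagged = []
    for name, _size, data in list_iso_files(image):
        ext = ("." + name.rsplit(".", 1)[1].lower()) if "." in name else ""
        if ext in EXEC_EXTENSIONS or data[:2] == b"MZ":
            flagged.append(name)
    return flagged

def sample_image():
    """Constructed stand-in for file.img: a decoy text file, the dropped executable named
    as on the page, and a mis-named executable that only the MZ check catches."""
    return build_iso({"README.TXT": b"order details attached",
                      "20200522_WJ2.EXE": b"MZ" + bytes(62),
                      "INVOICE.PDF": b"MZ" + bytes(30)})

if __name__ == "__main__":
    for name, size, _ in list_iso_files(sample_image()):
        print(f"{name:18} {size:5} bytes")
    print("executable content:", triage_attachment(sample_image()))
```

The walker reads only the primary volume descriptor's root directory, so a real attachment with subdirectories, or with the long mixed-case names stored in a Joliet supplementary descriptor, needs the directory walk made recursive and the Joliet descriptor (type 2, UCS-2 names) handled as well; the record layout is the same. Checking the first bytes of each extent rather than trusting the extension is the part worth keeping, since the lure in this campaign is the attachment type, not the name of the file inside it.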

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 66
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-27 17:37:11 UTC
AV detection: 25 of 48 (52.08%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader, img f1055935b94ea812f0366f4d3b5d05b3d58368f9a70432a348ad696739c59675 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments