MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 050952078d9240cf14a749350e711cddb76e2330336929919832d6a856107ef6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 050952078d9240cf14a749350e711cddb76e2330336929919832d6a856107ef6
SHA1 hash: e37d525df8c2698997fca3de3df316abc91e6800
MD5 hash: 3c1d22c057a3dfff48a80ff4a9148648
File name: NEW PROJECT - Purchase.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-22 09:59:04 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:73wEF1JeO4Unkg4EPpojH8cqLJbFH8nU2w6EyZ4Hq53NFF0Urm0G3Fa:jvJeEkg4skXqLJRH2ZEyZ4O3Nzv
TLSH: 96450831B9C0EC13CA6589F26EA74B65141BAC782D198A43B2CF772C1B775C0A6313CB
Reporter: @abuse_ch
Tags: geo, GuLoader, img, KOR


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm38.hanmail.net
Sending IP: 203.133.180.226
From: 오경호 <pop0403@daum.net>
Subject: 중국 수출용 NEW PROJECT -Purchase Order_200522-01 발주서 첨부 건
Attachment: NEW PROJECT - Purchase.img (contains "list.dwg.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1SrbSxlrT9xoe_w1ZAl6Molm77gnXfEXY

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 21
Origin country: FR
ClamAV: PUA.Win.Packer.ProtectSharewar-2, PUA.Win.Packer.ProtectSharewar-3
VirusTotal: Virustotal results 6.78%
ReversingLabs: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 050952078d9240cf14a749350e711cddb76e2330336929919832d6a856107ef6 (this sample)

Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments