MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 08f59cb5340816b5afedf0d408257ca81d4188622eb7876756bc731ff1652231. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 08f59cb5340816b5afedf0d408257ca81d4188622eb7876756bc731ff1652231
SHA1 hash: d99e3e1306fcde0fd53ba6136f2dfcb6a6589353
MD5 hash: e352f57a7bd8b1378c7a6caed435e341
File name: file.lzh
Signature: GuLoader
File size: 23'101 bytes
First seen: 2020-05-22 09:49:39 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 384:JxCcbg/dvZdX5BSURYNHQMR9ikkiZMOg1Na7BD04H4EWiKhxCgzJOvaElrAutXor:a/P4UWFQMR9qOgux04YEWiYCgt+aUY+C
TLSH: 67A2E130ADAF89D09333D3625839A45E3BD05C763F9298DB54F3007268D8451BEBE61E
Reporter: @abuse_ch
Tags: geo GuLoader KOR lzh


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm35.hanmail.net
Sending IP: 203.133.180.223
From: UTITECH <juha78@hanmail.net>
Subject: 유티아이테크-발주서 송부의건
Attachment: file.lzh (contains "file.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=809F316B561D99CA&resid=809F316B561D99CA%21156&authkey=AAcCJtFdwbo1Azc

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 19
Origin country: US
ClamAV: No detection
VirusTotal results: 6.56%
ReversingLabs: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 08f59cb5340816b5afedf0d408257ca81d4188622eb7876756bc731ff1652231 (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments