MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0982f3c144a3bdb86a9781ea84b2d71419db446a0176cedbf408ac34f315644e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 0982f3c144a3bdb86a9781ea84b2d71419db446a0176cedbf408ac34f315644e
SHA1 hash: db92e8048d5ce0b87e8ac4b11bc1f08be6c96073
MD5 hash: 37a001bc1e168b5ce0a9aea10648d53b
File name: New Business Registration Certificate Scanned Copy.zip
Signature: GuLoader
File size: 39'858 bytes
First seen: 2020-05-22 10:00:51 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:zHyc6BaWLzgSxEk2nPMXVzigSq0TC4EaFyjnY+6cWvhXnL:zHycYnzgsYMXVzigSKT5Y+evhXnL
TLSH: 6903022AE087F341DB92C88DB1560518E4A4D5F93656E7429A6F93B03423C3C7F2EA7D
Reporter: @abuse_ch
Tags: geo GuLoader KOR zip


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: smtp87.iad3a.emailsrvr.com
Sending IP: 173.203.187.87
From: youngkyu_lim <kolonpr@kolon.com>
Reply-To: youngkyu_limc@kolon.com
Subject: 공고: 코오롱글로텍 대표자 변경의 건 [천안공장](계산서,거래명세표 대표자 변경 요청) (Korean; in English: "Notice: Regarding the change of representative at Kolon Glotech [Cheonan plant] (request to change the representative on invoices and transaction statements)")
Attachment: New Business Registration Certificate Scanned Copy.zip (contains "file.exe")

GuLoader payload URL:
https://cdn.discordapp.com/attachments/708341142093168744/713193051815804968/1New_WZnvpn_DKBHXGNibM90.bin
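The indicators in the report above (a Reply-To that differs from From, a HELO hostname whose domain is unrelated to the sender's domain, a zip that carries an .exe, and a second-stage .bin fetched from cdn.discordapp.com) can be checked mechanically on a received copy. The script below is an added example, not code from MalwareBazaar or abuse.ch. The message is constructed from the header values listed on this page (the Received line is an assumption about how the listed HELO and sending IP would appear), the zip is an in-memory stand-in with a 64-byte stub named file.exe rather than the real sample, and `registrable_domain` is a deliberately crude last-two-labels approximation of a public-suffix lookup.

```python
"""Triage checks for the malspam indicators listed above (added example,
not MalwareBazaar's or abuse.ch's code).

The message and the zip are constructed: the headers copy values from the
entry, but the zip is an in-memory stand-in, not the real sample (whose
bytes are not on this page), so the SHA256 check is expected to fail.
"""
import email
import hashlib
import io
import re
import zipfile
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Values taken from the entry.
KNOWN_SHA256 = "0982f3c144a3bdb86a9781ea84b2d71419db446a0176cedbf408ac34f315644e"
PAYLOAD_URL = ("https://cdn.discordapp.com/attachments/708341142093168744/"
               "713193051815804968/1New_WZnvpn_DKBHXGNibM90.bin")

# Constructed RFC 5322 message; the Received line is an assumption about how
# the listed HELO and sending IP would appear in a received copy.
RAW_MESSAGE = """\
Received: from smtp87.iad3a.emailsrvr.com (smtp87.iad3a.emailsrvr.com [173.203.187.87])
From: youngkyu_lim <kolonpr@kolon.com>
Reply-To: youngkyu_limc@kolon.com

(body omitted)
"""

RECEIVED_RE = re.compile(r"from\s+(?P<helo>\S+)\s+\(\S+\s+\[(?P<ip>[\d.]+)\]\)")
EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".dll")
# Public CDNs seen hosting second-stage payloads; extend from your own telemetry.
PAYLOAD_STAGING_HOSTS = {"cdn.discordapp.com"}


def registrable_domain(host):
    """Crude last-two-labels approximation; a real check uses the public suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def header_findings(msg):
    """Reply-To/From mismatch and HELO domain unrelated to the sender's domain."""
    findings = []
    sender = parseaddr(str(msg.get("From", "")))[1]
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1]
    if reply_to and reply_to.lower() != sender.lower():
        findings.append("reply-to-differs-from-sender")
    m = RECEIVED_RE.search(str(msg.get("Received", "")))
    if m and "@" in sender:
        if registrable_domain(m.group("helo")) != registrable_domain(sender.split("@")[1]):
            findings.append("helo-domain-differs-from-sender-domain")
    return findings


def archive_findings(zip_bytes):
    """Flag executable members by extension and by content (MZ header)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.filename.lower().endswith(EXEC_EXT):
                findings.append(f"archive-member-executable-extension:{info.filename}")
            with zf.open(info) as member:
                if member.read(2) == b"MZ":
                    findings.append(f"archive-member-pe-header:{info.filename}")
    return findings


def payload_url_findings(url):
    host = (urlparse(url).hostname or "").lower()
    return [f"payload-hosted-on-public-cdn:{host}"] if host in PAYLOAD_STAGING_HOSTS else []


def triage(raw_message, attachment_bytes, payload_url):
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = (header_findings(msg) + archive_findings(attachment_bytes)
                + payload_url_findings(payload_url))
    return {
        "findings": findings,
        "matches_entry_sha256": hashlib.sha256(attachment_bytes).hexdigest() == KNOWN_SHA256,
        "verdict": "suspicious" if len(findings) >= 2 else "no-strong-indicators",
    }


def build_stand_in_zip():
    """Constructed stand-in: one member named file.exe holding an MZ stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("file.exe", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    for key, value in triage(RAW_MESSAGE, build_stand_in_zip(), PAYLOAD_URL).items():
        print(f"{key}: {value}")
```

The content check (`MZ` header) matters more than the extension check: renaming the dropper to file.pdf would defeat the latter but not the former. The SHA256 comparison is there to show how a received attachment is matched against this entry; it returns False for the stand-in because only the real sample has that hash.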

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 23
Origin country: FR
ClamAV: SecuriteInfo.com.Variant.Ursu.878098.24918.30062.UNOFFICIAL
VirusTotal: 24.62% detection rate

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  -> GuLoader
    -> zip 0982f3c144a3bdb86a9781ea84b2d71419db446a0176cedbf408ac34f315644e (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments