MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c7ee1fd0324d7b61bb933256a6c88f51ce819fc06399abd0a3f1426074bdce5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 2



SHA256 hash: 0c7ee1fd0324d7b61bb933256a6c88f51ce819fc06399abd0a3f1426074bdce5
SHA3-384 hash: 7661fc62477908b76846ff9c2ac75a4ccbe39c75ad75dcca119da19bd47e36a20131a7f63cdb3e953a6a42c8e75992f9
SHA1 hash: 8787b4921b074915009691cafb76243ab6462fab
MD5 hash: e61eec2b361c133c99066646a1f82a77
humanhash: cola-south-arkansas-king
File name: FORMETANATE HCL 90%.IMG
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-26 08:57:01 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:l+cBUB1yyrJQaJupFF/H6XS+dLJeonkWmLpOJ42KYg1+nKJrLcXM0l6rzjiTXOF:lF1y6aEvceohUUWFsKJn2M0l67iTXOF
TLSH: B7456C06B289ACB6FD790FB109369E585939FD312C115A833D8DF75E0B332892DB135A
Reporter: abuse_ch
Tags: GuLoader img


abuse_ch
Malspam distributing GuLoader:

HELO: [5.181.166.234]
Sending IP: 5.181.166.234
From: JIN BUYNG KWUN <fluen@influencingyouth.org>
Reply-To: JIN BUYNG KWUN <fluen@influencingyouth.org>
Subject: PO 2020 14850NTD Formetanate HCl 92% supply
Attachment: FORMETANATE HCL 90%.IMG (contains "Propinquityhaem7.scr")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1nto_dZItEwC6zMJDTntutaxH9HmUSJjl
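A triage script for an IMG attachment of the kind described in the report above, added here as an example; it is not part of the MalwareBazaar page or of abuse_ch's report. It checks the ISO 9660 signature that the `application/x-iso9660-image` MIME type is derived from, walks the root directory named by the primary volume descriptor, flags entries that are executable by extension (such as the .scr named in the report) or that carry a PE "MZ" header under a harmless name, and computes the same four hashes the entry lists so the inner payload can be pivoted on instead of the container. The image it runs against is a constructed minimal ISO produced by `build_minimal_iso` (a fixture of this example, not the real sample); the file names and contents in it are assumptions.

```python
import hashlib
import os
import struct

SECTOR = 2048  # ISO 9660 logical block size
PVD_LBA = 16   # the primary volume descriptor is the first sector of the descriptor set

# Extensions that have no business inside a "purchase order" disk image.
RISKY_EXTENSIONS = {".scr", ".exe", ".pif", ".com", ".dll", ".lnk", ".vbs",
                    ".js", ".jse", ".wsf", ".hta", ".bat", ".cmd", ".ps1"}


def is_iso9660(data):
    """True if a primary volume descriptor (type 1, magic 'CD001') sits at sector 16."""
    off = PVD_LBA * SECTOR
    return len(data) >= off + 7 and data[off] == 1 and data[off + 1:off + 6] == b"CD001"


def _parse_record(buf, off):
    """Decode one directory record; None when the length byte is 0 (sector padding)."""
    length = buf[off]
    if length == 0:
        return None
    extent = struct.unpack_from("<I", buf, off + 2)[0]   # little-endian half of the both-endian LBA
    size = struct.unpack_from("<I", buf, off + 10)[0]    # data length, same encoding
    flags = buf[off + 25]                                # bit 0: hidden, bit 1: directory
    len_fi = buf[off + 32]
    ident = bytes(buf[off + 33:off + 33 + len_fi])
    return length, extent, size, flags, ident


def list_root_entries(data):
    """Walk the root directory named by the PVD (offset 156) and return its entries, minus '.' and '..'."""
    _, root_lba, root_size, _, _ = _parse_record(data, PVD_LBA * SECTOR + 156)
    directory = data[root_lba * SECTOR:root_lba * SECTOR + root_size]
    entries, off = [], 0
    while off < len(directory):
        rec = _parse_record(directory, off)
        if rec is None:
            off = (off // SECTOR + 1) * SECTOR  # records never straddle a sector: skip the zero padding
            continue
        length, extent, size, flags, ident = rec
        off += length
        if ident in (b"\x00", b"\x01"):
            continue
        name = ident.decode("ascii", "replace").split(";")[0]  # drop the ';1' version suffix
        entries.append({"name": name, "lba": extent, "size": size,
                        "is_dir": bool(flags & 2), "hidden": bool(flags & 1)})
    return entries


def read_file(data, entry):
    """Raw bytes of a root-directory entry, so the inner payload can be hashed or carved out."""
    start = entry["lba"] * SECTOR
    return data[start:start + entry["size"]]


def flag_executable_lures(data):
    """Root-level files that are executable by extension or start with a PE 'MZ' header under any name."""
    flagged = []
    for e in list_root_entries(data):
        if e["is_dir"]:
            continue
        ext = os.path.splitext(e["name"].lower())[1]
        if ext in RISKY_EXTENSIONS or read_file(data, e)[:2] == b"MZ":
            flagged.append(e["name"])
    return flagged


def digests(blob):
    """The four hashes MalwareBazaar lists per sample, for IOC matching on the inner payload."""
    return {n: hashlib.new(n, blob).hexdigest() for n in ("md5", "sha1", "sha256", "sha3_384")}


# --- constructed fixture: a minimal ISO 9660 image so the example runs offline (not the real sample) ---

def _both_endian(fmt, value):
    return struct.pack("<" + fmt, value) + struct.pack(">" + fmt, value)


def _dir_record(lba, size, ident, is_dir):
    body = (b"\x00" + _both_endian("I", lba) + _both_endian("I", size) + b"\x00" * 7
            + bytes([2 if is_dir else 0]) + b"\x00\x00" + _both_endian("H", 1)
            + bytes([len(ident)]) + ident)
    if len(ident) % 2 == 0:
        body += b"\x00"  # pad so the record length is even
    return bytes([len(body) + 1]) + body


def build_minimal_iso(files):
    """Build a bare ISO 9660 image holding {name: bytes} as root-directory files (assumed names, 8.3 style)."""
    root_lba, lba = 18, 19
    records = [_dir_record(root_lba, SECTOR, b"\x00", True), _dir_record(root_lba, SECTOR, b"\x01", True)]
    blobs = []
    for name, content in files.items():
        n_sectors = max(1, -(-len(content) // SECTOR))
        records.append(_dir_record(lba, len(content), (name + ";1").encode("ascii"), False))
        blobs.append(content.ljust(n_sectors * SECTOR, b"\x00"))
        lba += n_sectors
    pvd = bytearray(SECTOR)
    pvd[0], pvd[1:6], pvd[6] = 1, b"CD001", 1
    pvd[80:88] = _both_endian("I", lba)       # volume space size in sectors
    pvd[128:132] = _both_endian("H", SECTOR)  # logical block size
    pvd[156:190] = _dir_record(root_lba, SECTOR, b"\x00", True)
    terminator = bytearray(SECTOR)
    terminator[0], terminator[1:6], terminator[6] = 255, b"CD001", 1
    root_dir = b"".join(records).ljust(SECTOR, b"\x00")
    return bytes(16 * SECTOR) + bytes(pvd) + bytes(terminator) + root_dir + b"".join(blobs)


if __name__ == "__main__":
    # Constructed stand-in for the lure: an 8.3-named .scr next to a decoy text file.
    image = build_minimal_iso({"PROPINQU.SCR": b"MZ" + b"\x90" * 200, "PO.TXT": b"decoy"})
    print("ISO 9660:", is_iso9660(image))
    for entry in list_root_entries(image):
        print(entry["name"], entry["size"], digests(read_file(image, entry))["sha256"])
    print("flagged:", flag_executable_lures(image))
```

Two caveats a practitioner should keep in mind. The reader only decodes the primary volume descriptor, where identifiers are upper-case 8.3 names; a lure authored with Joliet stores the mixed-case name (the report's "Propinquityhaem7.scr") as UCS-2 in a supplementary volume descriptor at sector 17, which this script does not parse, so match on the inner file's hashes rather than on its name. It also does not descend into subdirectories, and an .scr placed one level down would only be caught by the hash or "MZ" checks if you extend the walk.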

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Geniso
Status: Malicious
First seen: 2020-05-26 09:36:43 UTC
AV detection: 15 of 48 (31.25%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Distribution: Malspam (GuLoader)
Sample: img 0c7ee1fd0324d7b61bb933256a6c88f51ce819fc06399abd0a3f1426074bdce5 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment