MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0cdc0a4469c22227858ca71d5cf42fb67c1d3bceff07cdc5ae907c08882e4c45. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: 0cdc0a4469c22227858ca71d5cf42fb67c1d3bceff07cdc5ae907c08882e4c45
SHA1 hash: 5b783833d49344c4bf8e0611743c2054c5b1f669
MD5 hash: 7a49343560a52bb59b1e52072e0106ff
File name: file.exe
Signature: GuLoader
File size: 143'360 bytes
First seen: 2020-05-22 10:00:52 UTC
Last seen: 2020-05-22 10:51:46 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 62098d28089d223b071f09149ed22d13
ssdeep: 1536:dD9t/G4VMqTK179HpAoTv2ouuZNY8SSSSSSSSSWNtLV:B7/HVMpTZZP
TLSH: AAE3D75DF729ACE0EE1246B52C308E567F17BC3264A90E9F2684361A5C372435CBBD4B
Reporter: @abuse_ch
Tags: exe geo GuLoader KOR


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: smtp87.iad3a.emailsrvr.com
Sending IP: 173.203.187.87
From: youngkyu_lim <kolonpr@kolon.com>
Reply-To: youngkyu_limc@kolon.com
Subject: 공고: 코오롱글로텍 대표자 변경의 건 [천안공장](계산서,거래명세표 대표자 변경 요청) (Korean: "Notice: Change of representative at Kolon Glotech [Cheonan plant] (request to update the representative on invoices and transaction statements)")
Attachment: New Business Registration Certificate Scanned Copy.zip (contains "file.exe")

GuLoader payload URL:
https://cdn.discordapp.com/attachments/708341142093168744/713193051815804968/1New_WZnvpn_DKBHXGNibM90.bin

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 2
# of downloads: 26
Origin country: FR
ClamAV: SecuriteInfo.com.Variant.Ursu.878098.24918.30062.UNOFFICIAL
VirusTotal: 36.62% of engines flag the sample
ReversingLabs: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery chain:
- Malspam
- GuLoader
- Executable exe 0cdc0a4469c22227858ca71d5cf42fb67c1d3bceff07cdc5ae907c08882e4c45 (this sample)

Delivery method: Distributed via e-mail attachment
