MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ee9d3af84f02be1fe7c45f9e618ef402d09bb3e1eac3b8e46f1d587aebe42aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 2ee9d3af84f02be1fe7c45f9e618ef402d09bb3e1eac3b8e46f1d587aebe42aa
SHA1 hash: cf89e291898cf530e4c42270f9e47a7dddcdfb5d
MD5 hash: 06197da63722ddf55ae757d68aefc69e
File name: WIRE PAYMENT- WELSFARGO.IMG
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-23 11:50:43 UTC
Last seen: 2020-05-23 11:51:08 UTC
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:Ok0dgtnscXYMReRTZlER2wqqepVixDrvOuEwe+skgCtqtoHEkFeM:/E2s+YMR2ERtoHWDr2SskhpvFT
TLSH: 67452966B940DC72DA600FB15E728A6818B7FC3159404B0379DE3B5E2F3368DA935397
Reporter: @abuse_ch
Tags: GuLoader img


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: biza0.feedtrades.com
Sending IP: 103.124.107.37
From: ACCOUNT9 <contacts@feedtrades.com>
Subject: FWD: RE: WELSFARGO-US BANK TELEX PAYMENT $32,000
Attachment: WIRE PAYMENT- WELSFARGO.IMG (contains "STOCKHOLM -SE BANK TELEX 32,000 EUROS.exe")

GuLoader payload URL:
http://185.205.209.166/wext/Rem-Stub21_xJNEDiadS140.bin

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 2
# of downloads: 21
Origin country: US
ClamAV: PUA.Win.Packer.ProtectSharewar-2, PUA.Win.Packer.ProtectSharewar-3
VirusTotal detection rate: 38.33%

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery: Malspam
Family: GuLoader
Sample: img 2ee9d3af84f02be1fe7c45f9e618ef402d09bb3e1eac3b8e46f1d587aebe42aa (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
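The attachment reported above is an ISO 9660 disk image (.IMG) wrapping an .exe, a common trick because a mail gateway that blocks bare executables often does not look inside container formats. The example below is added here by the editor and is not code from MalwareBazaar or abuse.ch: it builds a minimal ISO 9660 image in memory as a constructed fixture (the file names in it are placeholders, not the real sample's contents), then walks the root directory from the primary volume descriptor and flags entries that are executable either by extension or by an MZ header. It reads only the primary volume descriptor, so Joliet long names such as the one in the real attachment are not resolved; only the 8.3 uppercase identifiers are listed.

```python
"""Inspect an ISO 9660 (.img/.iso) e-mail attachment for embedded executables.

Editor's example. The image scanned here is constructed in memory so the
scan runs offline; its file names are placeholders, not the real sample's.
"""
import struct

SECTOR = 2048
# Extensions a gateway would normally block if they arrived unwrapped.
EXEC_EXTENSIONS = {"EXE", "SCR", "COM", "PIF", "BAT", "CMD", "JS", "VBS", "LNK", "DLL"}


def _both_endian(n):
    """ISO 9660 stores 32-bit integers little-endian followed by big-endian."""
    return struct.pack("<I", n) + struct.pack(">I", n)


def _dir_record(ident, lba, size, is_dir=False):
    """Build one ISO 9660 directory record (ECMA-119, section 9.1)."""
    rec = bytearray([0, 0])                        # [0] length (patched), [1] ext attr len
    rec += _both_endian(lba)                       # 2..9   extent location
    rec += _both_endian(size)                      # 10..17 data length
    rec += bytes(7)                                # 18..24 recording date (zeroed)
    rec += bytes([0x02 if is_dir else 0x00])       # 25     flags, bit 1 = directory
    rec += bytes(2)                                # 26..27 unit size, interleave gap
    rec += struct.pack("<H", 1) + struct.pack(">H", 1)  # 28..31 volume sequence no.
    rec += bytes([len(ident)]) + ident             # 32 ident length, 33.. identifier
    if len(ident) % 2 == 0:
        rec += b"\x00"                             # pad so the record length is even
    rec[0] = len(rec)
    return bytes(rec)


def _sectors(n_bytes):
    return max(1, (n_bytes + SECTOR - 1) // SECTOR)


def build_iso(files):
    """Constructed fixture: a single-directory ISO 9660 image from {name: bytes}.

    Layout: sectors 0-15 system area, 16 primary volume descriptor (PVD),
    17 descriptor set terminator, 18 root directory, 19.. file extents.
    """
    root_lba, next_lba, extents = 18, 19, {}
    for name, data in files.items():
        extents[name] = next_lba
        next_lba += _sectors(len(data))
    root = _dir_record(b"\x00", root_lba, SECTOR, True)      # "."
    root += _dir_record(b"\x01", root_lba, SECTOR, True)     # ".."
    for name, data in files.items():
        root += _dir_record(name.encode("ascii"), extents[name], len(data))
    pvd = bytearray(SECTOR)
    pvd[0] = 1                                     # type 1 = primary volume descriptor
    pvd[1:6] = b"CD001"                            # standard identifier
    pvd[6] = 1                                     # version
    pvd[156:190] = _dir_record(b"\x00", root_lba, SECTOR, True)  # 34-byte root record
    term = bytearray(SECTOR)
    term[0], term[6] = 255, 1
    term[1:6] = b"CD001"
    img = bytes(16 * SECTOR) + bytes(pvd) + bytes(term) + root.ljust(SECTOR, b"\x00")
    for name, data in files.items():
        img += data.ljust(_sectors(len(data)) * SECTOR, b"\x00")
    return img


def list_root_entries(img):
    """Return (name, lba, size, is_dir) for each root-directory entry via the PVD."""
    pvd = img[16 * SECTOR:17 * SECTOR]
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("not an ISO 9660 image (no primary volume descriptor)")
    root_lba = struct.unpack_from("<I", pvd, 156 + 2)[0]
    root_len = struct.unpack_from("<I", pvd, 156 + 10)[0]
    directory = img[root_lba * SECTOR:root_lba * SECTOR + root_len]
    entries, pos = [], 0
    while pos < len(directory):
        rec_len = directory[pos]
        if rec_len == 0:                           # padding: records never straddle a sector
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        if rec_len < 33 or pos + rec_len > len(directory):
            break                                  # truncated or malformed record
        rec = directory[pos:pos + rec_len]
        pos += rec_len
        ident = rec[33:33 + rec[32]]
        if ident in (b"\x00", b"\x01"):            # "." and ".."
            continue
        name = ident.decode("ascii", "replace").split(";")[0]   # drop the ";1" version
        entries.append((name, struct.unpack_from("<I", rec, 2)[0],
                        struct.unpack_from("<I", rec, 10)[0], bool(rec[25] & 0x02)))
    return entries


def find_executables(img):
    """Root-directory files that are executable by extension or by MZ magic."""
    hits = []
    for name, lba, size, is_dir in list_root_entries(img):
        if is_dir:
            continue
        ext = name.rsplit(".", 1)[-1].upper() if "." in name else ""
        magic = img[lba * SECTOR:lba * SECTOR + 2] if size >= 2 else b""
        if ext in EXEC_EXTENSIONS or magic == b"MZ":   # magic catches a renamed EXE
            hits.append(name)
    return hits


# Constructed fixture with placeholder names standing in for the real attachment.
SAMPLE_IMG = build_iso({
    "README.TXT;1": b"nothing to see here",
    "TELEX.EXE;1": b"MZ" + bytes(62),              # PE, obvious by extension
    "INVOICE.PDF;1": b"MZ" + bytes(62),            # PE disguised with a document extension
})

if __name__ == "__main__":
    for entry in list_root_entries(SAMPLE_IMG):
        print(entry)
    print("executables:", find_executables(SAMPLE_IMG))
```

Pointing the same two functions at a real attachment means reading its bytes from disk instead of calling build_iso; the check then belongs at the gateway, before the .IMG ever reaches a user who can mount it with a double-click.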
