MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e7dde83f4b7bfa3464ec0d9c3bd89de62640f18c900132c1a6eb553450886e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader


Vendor detections: 2


SHA256 hash: 3e7dde83f4b7bfa3464ec0d9c3bd89de62640f18c900132c1a6eb553450886e5
SHA3-384 hash: 6474adf20e5adae93de7e632aecb9d230bad87c4d07835392e20b709cd34d1915d27fbb3465c7d7b8b81c261732d0e1d
SHA1 hash: 4d0c9fc365b2015d8781e9699c22df79e86ff3fa
MD5 hash: 26fb1be8088fc04c3a8b993aaf1caf70
humanhash: failed-east-uniform-romeo
File name: file.gz
Signature GuLoader
File size: 23'160 bytes
First seen: 2020-05-22 09:54:02 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep 384:XC0w8evFq8cxUxkyAI9xdX+AhAyxAecAqu2KBV3dKjSloJ1Mvar+8:Xu82WUvAOHXXAyxmAqlIV4mWr+8
TLSH 45A2E264572419192697CFABC503E38C4109D46F468D314B2B1E85DADFF8C70E617AFD
Reporter abuse_ch
Tags: geo GuLoader gz KOR


abuse_ch
Malspam distributing GuLoader:

HELO: ns1.sundaehost.com
Sending IP: 203.146.102.27
From: Phillip Kang <Phillip.Kang@francoismarine.co.kr>
Reply-To: yjkang7@chol.com
Subject: Spare parts [예산견적] Offsore-Project(S-007)
Attachment: file.gz (contains "File.exe")

GuLoader payload URL:
http://creativewg.com/aguobodo_kmuDRGDn229.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-22 11:03:15 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 12 of 30 (40.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 3e7dde83f4b7bfa3464ec0d9c3bd89de62640f18c900132c1a6eb553450886e5
(this sample)

Dropping: GuLoader

Delivery method: Distributed via e-mail attachment