MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e7dde83f4b7bfa3464ec0d9c3bd89de62640f18c900132c1a6eb553450886e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 3e7dde83f4b7bfa3464ec0d9c3bd89de62640f18c900132c1a6eb553450886e5
SHA1 hash: 4d0c9fc365b2015d8781e9699c22df79e86ff3fa
MD5 hash: 26fb1be8088fc04c3a8b993aaf1caf70
File name: file.gz
Signature: GuLoader
File size: 23'160 bytes
First seen: 2020-05-22 09:54:02 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 384:XC0w8evFq8cxUxkyAI9xdX+AhAyxAecAqu2KBV3dKjSloJ1Mvar+8:Xu82WUvAOHXXAyxmAqlIV4mWr+8
TLSH: 45A2E264572419192697CFABC503E38C4109D46F468D314B2B1E85DADFF8C70E617AFD
Reporter: @abuse_ch
Tags: geo GuLoader gz KOR


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: ns1.sundaehost.com
Sending IP: 203.146.102.27
From: Phillip Kang <Phillip.Kang@francoismarine.co.kr>
Reply-To: yjkang7@chol.com
Subject: Spare parts [예산견적] Offsore-Project(S-007)
Attachment: file.gz (contains "File.exe")

GuLoader payload URL:
http://creativewg.com/aguobodo_kmuDRGDn229.bin

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 20
Origin country: FR
ClamAV: No detection
VirusTotal results: 27.87%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
gz 3e7dde83f4b7bfa3464ec0d9c3bd89de62640f18c900132c1a6eb553450886e5 (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
