MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 41bc2b0c9bd4df5bdf9fda3693e23d4f25c2c6cc0f57abf8ede9c5f6c6782953. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 41bc2b0c9bd4df5bdf9fda3693e23d4f25c2c6cc0f57abf8ede9c5f6c6782953
SHA3-384 hash: 7680e7798e1daa36c7fc0582be26f3c85e3f553599807b017771a25b4eada5f352369a3e196812ec2214f20393b2df04
SHA1 hash: d53dc3c18960e47860e055ef36a7c18287b537fa
MD5 hash: f4fc38002260dc70c6bd85d37294bc13
humanhash: bakerloo-pip-undress-whiskey
File name: vale-remittance.iso
Signature: GuLoader
File size: 118'784 bytes
First seen: 2020-12-03 17:37:23 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 768:DH2H7ikEZJDiLjwk1oozrKZM8u1tyxSk9GPHlI:CEZJWfwk1aZM80yxSkwHu
TLSH: A4C30793A2128168F648427148C512645EDB7CB088B59A4F78DD3A1D2BF3F963C6DF8B
Reporter: abuse_ch
Tags: GuLoader iso


abuse_ch
Malspam distributing GuLoader:

HELO: mtlfep05.bell.net
Sending IP: 184.150.200.94
From: Vale <myguptas@glowtronics.com>
Subject: Payment Remittance Advice.
Attachment: vale-remittance.iso (contains "vale-remittance.exe")

GuLoader payload URL:
https://mindforcehypnosis.com/fas/decemberomo_kxrZEKHm235.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 329
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

iso 41bc2b0c9bd4df5bdf9fda3693e23d4f25c2c6cc0f57abf8ede9c5f6c6782953 (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
