MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 442d68d95b9ec3f751b4bdc7db18739d23bfbec95399002d29ab5d9940934687. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 3

SHA256 hash: 442d68d95b9ec3f751b4bdc7db18739d23bfbec95399002d29ab5d9940934687
SHA3-384 hash: 4dab7c82ef982aeef0c41b1df0f0e9ee43f2940a9907d707ffe5b044d5189a4512d7113925c2417f565282e20b6f2fe9
SHA1 hash: a95dfe9d6b1ab84ba5e545c8c2d2bbdb94e3e3b2
MD5 hash: dca387c7856fcd400dd9d9f8df3ebae5
humanhash: cold-potato-aspen-glucose
File name: DHL Korea Documents.img
Signature: GuLoader
File size: 147'456 bytes
First seen: 2020-05-21 08:39:29 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:Kp1p2AKmJ+qnswdRvH89RO2nCGQigiwQTgv8DgR9y4bhhhUBNo6qSk:jA4TwrgPCG/2Q7K1TUBNov
TLSH: 5DE31A63B9627EB8D97A4BF24C724650046BECF108E75B07F5CE3A1C0F37A89981571A
Reporter: abuse_ch
Tags: DHL geo GuLoader img KOR

abuse_ch
Malspam distributing GuLoader:

HELO: poc.creationfinancial.co.uk
Sending IP: 178.62.94.186
From: DHL Korea <info@trailnet.com>
Reply-To: dhlofficekorea@asia.com
Subject: 소포 도착을위한 DHL KOREA INFORMATION입니다
Attachment: DHL Korea Documents.img (contains "udlaa.exe")

GuLoader payload URL:
http://izpanelone.webredirect.org/uploud/5bab0b1d864615bab0b1d864b3/bin_TirFIsqp75.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-21 09:36:22 UTC
AV detection: 13 of 31 (41.94%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
Sample: img 442d68d95b9ec3f751b4bdc7db18739d23bfbec95399002d29ab5d9940934687 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments