MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 444be8871618735a2486cbefaddf036ce012f87a2e2d06c3c755ffd569047488. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 2

SHA256 hash: 444be8871618735a2486cbefaddf036ce012f87a2e2d06c3c755ffd569047488
SHA3-384 hash: fc052853593667c16da43f4a632b5241c6fd9079aaf5502381b6c30fe941fea7c7489d6aec45c148fbc1d3957db41e43
SHA1 hash: f608de6ae711b742ab017006c45b5445c7d53280
MD5 hash: cbfc0d0fc6e195a12435b4b7f64a487c
humanhash: five-nine-queen-cold
File name: PO11052020.IMG
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-26 09:13:09 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:mWGo08KEn5gBnQXyNk1/Ylw/Cl8K3+mIxfgtfG8RYLYbs:mWGA6BO/zCe6WLY4
TLSH: 8545292275F4ECE1E8580EB10C636AB72915AC227A154F1B374EFB5D673A5C22EF0706
Reporter: abuse_ch
Tags: geo, GuLoader, img, KOR


abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm81.hanmail.net
Sending IP: 211.231.106.156
From: sales <kn131001@hanmail.net>
Subject: 긴급 견적의뢰 (Korean: "Urgent quotation request")
Attachment: PO11052020.IMG (contains "PO11052020.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=15J0F5VXzgc8k_95cWWT3oxAgUxZbVttI
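The attachment in the comment above is an ISO 9660 image (the MIME type application/x-iso9660-image recorded for this sample) that wraps a Windows executable. Mounting such an image on an analyst workstation is unnecessary and risky; the root directory can be walked directly from the raw bytes. The script below is an added example and is not code from MalwareBazaar or abuse.ch: it builds a minimal ISO 9660 image in memory (constructed test data; only the file name PO11052020.EXE is borrowed from the comment), then parses the primary volume descriptor and root directory, flags entries whose first bytes carry the "MZ" PE signature, and hashes each file so the inner executable can be looked up against MalwareBazaar separately from the container hash. The helper names (build_sample_image, list_iso_entries, triage_image) are this example's own.

```python
"""Mount-free triage of an ISO 9660 (.img/.iso) e-mail attachment.

Added example; not MalwareBazaar or abuse.ch code.  The image is
constructed in memory for demonstration purposes.
"""
import hashlib
import struct

SECTOR = 2048  # ISO 9660 logical sector size

# Constructed stand-in for the embedded executable: a PE-looking stub.
SAMPLE_PAYLOAD = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"\x00" * 100


def _both16(v: int) -> bytes:
    """ISO 9660 'both-byte-order' 16-bit field: little-endian then big-endian."""
    return struct.pack("<H", v) + struct.pack(">H", v)


def _both32(v: int) -> bytes:
    return struct.pack("<I", v) + struct.pack(">I", v)


def _dir_record(name: bytes, extent: int, size: int, is_dir: bool) -> bytes:
    """Build one directory record (ECMA-119 section 9.1)."""
    body = (
        b"\x00"                               # extended attribute record length
        + _both32(extent)                     # location of extent (LBA)
        + _both32(size)                       # data length in bytes
        + bytes(7)                            # recording date/time (zeroed)
        + bytes([0x02 if is_dir else 0x00])   # file flags; bit 1 = directory
        + b"\x00\x00"                         # file unit size, interleave gap
        + _both16(1)                          # volume sequence number
        + bytes([len(name)]) + name           # identifier length + identifier
    )
    if len(name) % 2 == 0:
        body += b"\x00"                       # pad so the record length is even
    return bytes([len(body) + 1]) + body


def build_sample_image() -> bytes:
    """Construct a minimal image: PVD at LBA 16, terminator at 17, root dir at 18,
    the executable at 19 and a harmless text file at 20."""
    root_lba, file_lba = 18, 19
    root_self = _dir_record(b"\x00", root_lba, SECTOR, True)
    root = (
        root_self
        + _dir_record(b"\x01", root_lba, SECTOR, True)  # parent ("..")
        + _dir_record(b"PO11052020.EXE;1", file_lba, len(SAMPLE_PAYLOAD), False)
        + _dir_record(b"README.TXT;1", file_lba + 1, 5, False)
    )
    pvd = bytearray(SECTOR)
    pvd[0] = 1                                 # type 1 = primary volume descriptor
    pvd[1:6] = b"CD001"                        # standard identifier
    pvd[6] = 1                                 # descriptor version
    pvd[40:72] = b"PO11052020".ljust(32)       # volume identifier
    pvd[80:88] = _both32(file_lba + 2)         # volume space size in sectors
    pvd[120:124] = _both16(1)                  # volume set size
    pvd[124:128] = _both16(1)                  # volume sequence number
    pvd[128:132] = _both16(SECTOR)             # logical block size
    pvd[156:156 + len(root_self)] = root_self  # root directory record
    term = bytearray(SECTOR)
    term[0], term[1:6], term[6] = 255, b"CD001", 1   # volume descriptor set terminator
    img = bytearray(SECTOR * 16) + pvd + term        # 16-sector system area first
    img += root.ljust(SECTOR, b"\x00")
    img += SAMPLE_PAYLOAD.ljust(SECTOR, b"\x00")
    img += b"hello".ljust(SECTOR, b"\x00")
    return bytes(img)


def list_iso_entries(img: bytes):
    """Return [(name, lba, size, is_dir)] for the root directory of an ISO 9660 image."""
    pvd = img[16 * SECTOR:17 * SECTOR]
    if pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("not an ISO 9660 primary volume descriptor")
    block = struct.unpack_from("<H", pvd, 128)[0]
    root_lba = struct.unpack_from("<I", pvd, 158)[0]   # root record extent, LE copy
    root_len = struct.unpack_from("<I", pvd, 166)[0]   # root record data length
    data = img[root_lba * block:root_lba * block + root_len]
    entries, off = [], 0
    while off < len(data):
        rec_len = data[off]
        if rec_len == 0:                        # records never span a sector boundary
            off = (off // block + 1) * block
            continue
        rec = data[off:off + rec_len]
        name_len = rec[32]
        raw_name = rec[33:33 + name_len]
        if raw_name not in (b"\x00", b"\x01"):  # skip "." and ".."
            name = raw_name.decode("ascii").split(";")[0]   # drop ";1" version suffix
            lba = struct.unpack_from("<I", rec, 2)[0]
            size = struct.unpack_from("<I", rec, 10)[0]
            entries.append((name, lba, size, bool(rec[25] & 0x02)))
        off += rec_len
    return entries


def triage_image(img: bytes):
    """Return [(name, size, looks_like_pe, sha256)] for each root-directory file."""
    block = struct.unpack_from("<H", img, 16 * SECTOR + 128)[0]
    findings = []
    for name, lba, size, is_dir in list_iso_entries(img):
        if is_dir:
            continue
        content = img[lba * block:lba * block + size]
        findings.append((name, size, content[:2] == b"MZ",
                         hashlib.sha256(content).hexdigest()))
    return findings


if __name__ == "__main__":
    for name, size, is_pe, digest in triage_image(build_sample_image()):
        print(f"{name:20} {size:8} bytes  PE={is_pe}  sha256={digest}")
```

To run this against a real attachment, replace `build_sample_image()` with `open("PO11052020.IMG", "rb").read()`; the SHA256 printed for the inner executable is what to search for in MalwareBazaar, since the container hash shown on this page identifies only the .IMG wrapper.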

Intelligence


File Origin
Uploads: 1
Downloads: 62
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-26 09:36:49 UTC
File type: Binary (Archive)
Extracted files: 7
AV detection: 18 of 48 (37.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
Sample: img 444be8871618735a2486cbefaddf036ce012f87a2e2d06c3c755ffd569047488 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment