MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 46080225682415b0a1118da085aa79f8e06d26e36b7a43b9ecf58ee329717cad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 46080225682415b0a1118da085aa79f8e06d26e36b7a43b9ecf58ee329717cad
SHA3-384 hash: de159c92e21fa2df7351bc82f5648e59728412af3a1f55ed628789d798f7fbeb90b74c1646583b03b29fb55106c064e3
SHA1 hash: 2a2b45c7a550e935860c02e14cc6cfae0a8843c2
MD5 hash: 9dde18ef7bb9e0b2a909e9aebef94866
humanhash: magnesium-diet-oklahoma-yellow
File name: file.img
Signature: GuLoader
File size: 1,245,184 bytes
First seen: 2020-05-12 16:07:20 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:yOIsJQfCBXmlqv1Bf5ub6Lqdx9EdHVcZFg17uQQnk5ahtHf:yO2MX4wH5a6LOx9EsZUKFt
TLSH: A7455D137790D623E7258BB01B299BA4066BFC313941895775CD3B7C2B76B42E83036B
Reporter: abuse_ch
Tags: geo, GuLoader, img, KOR


abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm38.hanmail.net
Sending IP: 203.133.180.226
From: 한석 이엔지 <yosiki55@daum.net> (display name is Korean for "Hanseok ENG")
Subject: 첨부도면 견적요청 드립니다.(한석이엔지 입니다.) (Korean: "Requesting a quote for the attached drawings. (This is Hanseok ENG.)")
Attachment: file.img (contains "Count.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-13 03:15:00 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 15 of 31 (48.39%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam -> GuLoader -> img 46080225682415b0a1118da085aa79f8e06d26e36b7a43b9ecf58ee329717cad (this sample) -> Dropping GuLoader

Delivery method: Distributed via e-mail attachment
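The delivery chain recorded on this page (a mail attachment named file.img, MIME type application/x-iso9660-image, carrying a Count.exe that drops GuLoader) is what a mail gateway or triage script has to recognise. The script below is an added example, not MalwareBazaar's or the reporter's code: it checks for the ISO 9660 primary volume descriptor, walks the root directory records, flags embedded executables and pulls one out for hashing against the IOCs above. The image it inspects is constructed in memory so it runs offline; its contents (COUNT.EXE, README.TXT) mirror the reporter's description, but the bytes, the RISKY_EXT list and all helper names are assumptions, not the real sample.

```python
"""Triage an e-mail attachment that claims to be a disk image: confirm it is an
ISO 9660 volume, list the root directory, flag executables and extract a file.
Added example for this page (not MalwareBazaar or abuse.ch code); the image is
constructed below so the script runs offline and is NOT the real sample."""
import hashlib
import struct

SECTOR = 2048
PVD_SECTOR = 16                       # volume descriptors start at LBA 16
ISO_MAGIC = b"CD001"
# Assumed list of extensions that should never arrive inside a "drawing" image.
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk", ".dll"}


def _both_endian_32(value):
    return struct.pack("<I", value) + struct.pack(">I", value)


def _both_endian_16(value):
    return struct.pack("<H", value) + struct.pack(">H", value)


def _dir_record(name, extent, size, flags):
    """One ISO 9660 directory record (ECMA-119 9.1): 33 fixed bytes, identifier, pad."""
    body = (b"\x00"                    # extended attribute record length
            + _both_endian_32(extent)  # LBA of the extent
            + _both_endian_32(size)    # data length in bytes
            + bytes(7)                 # recording date/time (zeroed)
            + bytes([flags])           # file flags: bit 1 = directory
            + b"\x00\x00"              # file unit size, interleave gap size
            + _both_endian_16(1)       # volume sequence number
            + bytes([len(name)]) + name)
    if len(body) % 2 == 0:             # pad so the whole record has even length
        body += b"\x00"
    return bytes([len(body) + 1]) + body


def build_iso(files):
    """Minimal single-directory ISO 9660 image (constructed test data, one sector per file)."""
    root_lba = PVD_SECTOR + 2          # LBA 17 holds the descriptor set terminator
    records = _dir_record(b"\x00", root_lba, SECTOR, 2) + _dir_record(b"\x01", root_lba, SECTOR, 2)
    payload = b""
    for n, (name, data) in enumerate(files.items()):
        assert len(data) <= SECTOR
        records += _dir_record(name.encode("ascii") + b";1", root_lba + 1 + n, len(data), 0)
        payload += data.ljust(SECTOR, b"\x00")
    pvd = bytearray(SECTOR)
    pvd[0], pvd[1:6], pvd[6] = 1, ISO_MAGIC, 1               # type 1 = primary volume descriptor
    pvd[128:132] = _both_endian_16(SECTOR)                   # logical block size
    pvd[156:190] = _dir_record(b"\x00", root_lba, SECTOR, 2)  # root directory record
    term = bytearray(SECTOR)
    term[0], term[1:6] = 255, ISO_MAGIC                      # volume descriptor set terminator
    return bytes(PVD_SECTOR * SECTOR) + bytes(pvd) + bytes(term) + records.ljust(SECTOR, b"\x00") + payload


def is_iso9660(image):
    """True when a primary volume descriptor with the CD001 signature sits at LBA 16."""
    off = PVD_SECTOR * SECTOR
    return len(image) >= off + SECTOR and image[off] == 1 and image[off + 1:off + 6] == ISO_MAGIC


def list_root(image):
    """Entries (name, size, is_dir, extent_lba) of the primary descriptor's root directory."""
    if not is_iso9660(image):
        raise ValueError("no ISO 9660 primary volume descriptor at LBA 16")
    pvd = PVD_SECTOR * SECTOR
    block = struct.unpack_from("<H", image, pvd + 128)[0]
    extent = struct.unpack_from("<I", image, pvd + 156 + 2)[0]
    size = struct.unpack_from("<I", image, pvd + 156 + 10)[0]
    data = image[extent * block: extent * block + size]
    entries, off = [], 0
    while off < len(data):
        rec_len = data[off]
        if rec_len == 0:               # records never cross a sector; skip the padding
            off = (off // block + 1) * block
            continue
        ident = data[off + 33: off + 33 + data[off + 32]]
        if ident not in (b"\x00", b"\x01"):   # "." and ".." entries
            entries.append((ident.decode("ascii", "replace").split(";")[0],
                            struct.unpack_from("<I", data, off + 10)[0],
                            bool(data[off + 25] & 2),
                            struct.unpack_from("<I", data, off + 2)[0]))
        off += rec_len
    return entries


def risky_files(image):
    """Root-directory files whose extension is executable on Windows (case-insensitive)."""
    return [name for name, _, is_dir, _ in list_root(image)
            if not is_dir and "." in name and "." + name.rsplit(".", 1)[-1].lower() in RISKY_EXT]


def extract(image, wanted):
    """Bytes of the named root-directory file, e.g. to hash it against vendor IOCs."""
    block = struct.unpack_from("<H", image, PVD_SECTOR * SECTOR + 128)[0]
    for name, size, is_dir, extent in list_root(image):
        if name == wanted and not is_dir:
            return image[extent * block: extent * block + size]
    raise FileNotFoundError(wanted)


if __name__ == "__main__":
    image = build_iso({"COUNT.EXE": b"MZ" + bytes(62), "README.TXT": b"quote request"})
    print("ISO 9660 image:", is_iso9660(image))
    for name, size, is_dir, _ in list_root(image):
        print(f"  {name:<12} {size:>5} bytes{'  <dir>' if is_dir else ''}")
    print("executables inside:", risky_files(image))
    print("sha256(COUNT.EXE):", hashlib.sha256(extract(image, "COUNT.EXE")).hexdigest())
```

Two caveats for real attachments: ISO 9660 stores files uncompressed and unencrypted, so the embedded executable can be hashed and submitted without mounting anything, but the primary volume descriptor only carries upper-case 8.3 names. Mixed-case names such as Count.exe live in the Joliet supplementary descriptor (type 2, UCS-2 identifiers), and subdirectories are not walked here, so a production filter should also read the Joliet tree or hand the image to a full ISO library.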

Comments