MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 47e41c4f8e044725601d221ecbc8615ceedd6e812d3307f85288da46f4de7c9a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 47e41c4f8e044725601d221ecbc8615ceedd6e812d3307f85288da46f4de7c9a
SHA3-384 hash: a86e3ae3371ab4c8ab03a59f2779faeea53fb7a1de8fec719d1b6b648a5ef24e4286ef6b378e9e9e636d3ebc6c047ceb
SHA1 hash: 0420a54fdd425e2d54551a1d5b7ce83c88e95155
MD5 hash: e71d50c31fc768bee3a57319fdc65a09
humanhash: blue-magazine-eleven-mike
File name: Valvelistforyzj31.2734674.img
Download: download sample
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-06-10 19:01:18 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:jO94d4xR4/kmaZV2rbLo2ZLB908D4tMk:s4dz/kmaD2Xzf
TLSH: 99453B2EDA18D493E021073009B2469077677D0B754F991BBD4D2A2A0B72963AFF793F
Reporter: abuse_ch
Tags: GuLoader img


abuse_ch
Malspam distributing GuLoader:

HELO: elwood.ga
Sending IP: 168.235.67.246
From: (주) 해성테크 <garen@elwood.ga>
Subject: YZJ2019-2185'S 31.8K BC - Butterfly valve 견적 요청 건
Attachment: Valvelistforyzj31.2734674.img (contains "Valvelistforyzj31.2734674.exe")

GuLoader payload URL:
http://slimbosahiyke.webredirect.org//uploud/5bab0b1d864615bab0b1d864b3/bin_fQsdEb103.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 135
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-10 19:03:05 UTC
AV detection: 13 of 29 (44.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
img 47e41c4f8e044725601d221ecbc8615ceedd6e812d3307f85288da46f4de7c9a (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments