MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4b411e2f0cb2972f8f921d53a04d01b06aa8a68b51202d60484027433b5d223c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 2

SHA256 hash: 4b411e2f0cb2972f8f921d53a04d01b06aa8a68b51202d60484027433b5d223c
SHA3-384 hash: a44f22dcaed4a2c570d01bd4df9d3cc37b2c1ccd6d575e9e2938bfe5539751308a63b2c39635609ed70d3a73b81519d4
SHA1 hash: 379c9b49040fff8d60e27e3f272f76307107e94b
MD5 hash: e534a09c43054cac6ab0af74750107be
humanhash: eleven-avocado-stairway-berlin
File name: HT_20200525.IMG
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-26 07:37:17 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:wSxG1NEXe7yOqwgZymJlBb5o7WURwHn8H5k2q15:wSg1NEuXOZyk52dRwH8lS
TLSH: 0D45E806B6C49C61EE150EB048E29EA65E27FE252D412F03B60EF79E67375845FE031E
Reporter: abuse_ch
Tags: geo GuLoader img KOR


abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm49.hanmail.net
Sending IP: 203.133.180.237
From: 이한석 <esnct@hanmail.net>
Subject: 긴급 견적의뢰 (Korean: "Urgent quotation request")
Attachment: HT_20200525.IMG (contains "HT_20200525.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1uF_4zr5Qc5RfxwI1qstwUifJIVF1XvAV

Intelligence

File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-26 08:41:33 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 14 of 30 (46.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery chain: Malspam -> GuLoader -> img 4b411e2f0cb2972f8f921d53a04d01b06aa8a68b51202d60484027433b5d223c (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments