MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4bd31a0c14f90e2b5f7edd7440964354e2819672b36c35697ff1bc03cf24a07c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: 4bd31a0c14f90e2b5f7edd7440964354e2819672b36c35697ff1bc03cf24a07c
SHA3-384 hash: 8fc1c1b3040aa84e99ef2f713188ccee9c93772691fbc83d48294e06cc4d62a3619f2617bcbcc439f74afa19319ec236
SHA1 hash: 4fed367ce72e9ba2ddbd6be77b170ca46c670d9b
MD5 hash: c34d59f8b5b43d7ebf78dcc7560d8254
humanhash: fish-floor-alpha-apart
File name: INVOICE_2134509.iso
Signature: GuLoader
File size: 176'128 bytes
First seen: 2020-05-26 13:39:59 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 768:gN81834V3WTUMPUIfkZyw/h7zalUblQDZwHM3C27cKNvoRaFAbAi:l5VGTWIcZLxeUbl8aZ2pNvaJ
TLSH: 2104080334E54CB2E93C9EB548B295542DB7BC1279294B17398CFE6C67732CA64A438F
Reporter: abuse_ch
Tags: GuLoader iso


abuse_ch
Malspam distributing GuLoader:

HELO: lycos.com
Sending IP: 199.96.83.18
From: sales1 <salvatoreaxb@lycos.com>
Subject: RE:RE: Invoice overdue for March,28 (last month)
Attachment: INVOICE_2134509.iso (contains "INVOICE_2134509.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1G71XlZQ7c-Wxgvyg8FFf59ec-8wU4Gds

Intelligence

File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Guloader
Status: Malicious
First seen: 2020-05-26 14:35:56 UTC
AV detection: 16 of 31 (51.61%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
iso 4bd31a0c14f90e2b5f7edd7440964354e2819672b36c35697ff1bc03cf24a07c (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
