MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5080315be29757edfe5fa4db27a78ed169471607e072d7483fe0c4cf5f81e699. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: 5080315be29757edfe5fa4db27a78ed169471607e072d7483fe0c4cf5f81e699
SHA3-384 hash: db19ddf2f2cb797dc135533a84e541af3e0c866ff033a919c183ee9056efe79d5f2be183ee7ab03356d42e62f0604569
SHA1 hash: 5895cdcd985dc9cca60cd6123d1684acf99c84e9
MD5 hash: 1ad2a2a561b2b6629a962c79abefc8ec
humanhash: lake-alabama-delta-lake
File name: KOMERC.rar
Signature: GuLoader
File size: 18'638 bytes
First seen: 2020-05-22 09:48:51 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 384:AJQ8hNuagjG0qnI2LGJiGf77cB4fdllfCug7Ns+Vz5uQlThHpi+c8Kn:Aq8/uagKxI6GbncB4fHwusK+VVjhHY
TLSH: 2F82C08A07CAEDAC0D993EEC884685F4D647D9DA61EE3D14B48A6C99D3D40C41939C3A
Reporter: abuse_ch
Tags: GuLoader rar

abuse_ch
Malspam distributing GuLoader:

HELO: yisun.co
Sending IP: 111.90.159.196
From: Zhaohui Liu <liu@yisun.co>
Subject: AW: YANCHENG- ORDER GOOCE
Attachment: KOMERC.rar (contains "KOMERC.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1OJhlL8Uk9dGI3niYQPd41SrhsC_DT2P9

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-22 04:36:13 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 10 of 48 (20.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Signature: GuLoader
Sample: rar 5080315be29757edfe5fa4db27a78ed169471607e072d7483fe0c4cf5f81e699 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment