MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6336647fc6fb00f31d16639b4d58b100b41bf4a08f48332dd2b5e47858b9eb6c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 6336647fc6fb00f31d16639b4d58b100b41bf4a08f48332dd2b5e47858b9eb6c
SHA3-384 hash: 73b9f450ac292455ab6d963df3f1dec9fb2a875f2f467cfae10124f6c5d07c23e89c26d13bcc4fd4cb21fbd112b1b890
SHA1 hash: 7c8c2eda3ceb568f9bf3ce216a5a7416c5c879f3
MD5 hash: 5bd91d416c96512a43c9568a7128e873
humanhash: magnesium-grey-carpet-nitrogen
File name: HYUNDAI MASS QUARANTREAT PROJECT.dwg.iso
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-06-03 13:09:02 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 1536:0SPfxV40PXUvBCJ4RXkgrKHxLdGKc+o0FDHdZ1gIC9e5oHLqlTUtHn6:1PXPEJ6SnKVdhjFD9z+9f7tHn6
TLSH: 9D457B07ED4C8A53D2444BBD2D175E793B2DA90919006BEF747DAE9BAF312831CA710E
Reporter: abuse_ch
Tags: geo GuLoader iso KOR


abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm45.hanmail.net
Sending IP: 203.133.180.233
From: 로이 유 <ssa9026@hanmail.net>
Subject: 견적요청의 件:HYUNDAI MASS QUARANTREAT PROJECT
Attachment: HYUNDAI MASS QUARANTREAT PROJECT.dwg.iso (contains "UY_LIST_ITEM.exe")

GuLoader payload URL:
http://ekenefb34logs.webredirect.org/uploud/5bab0b1d864615bab0b1d864b3/uyaka_pOdpLLVacD144.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-03 12:59:39 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 19 of 47 (40.43%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

iso 6336647fc6fb00f31d16639b4d58b100b41bf4a08f48332dd2b5e47858b9eb6c (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
