MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 68ee99d3541132d015ee0ac88a7b0047b8eec3f0500af6b57ce19b159fa57f6b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 3



SHA256 hash: 68ee99d3541132d015ee0ac88a7b0047b8eec3f0500af6b57ce19b159fa57f6b
SHA3-384 hash: d6c33a7e4ad7d6f9527c5785b0ebacc81781f5d26081d845c628a7d6b48ab230161915ce1e9b91a8c4b5b1c652aa2624
SHA1 hash: 83941a5fd78a38752cb829f0f574bfdd4ebcd625
MD5 hash: 7152ae934a2fabb1efd9e3c76740f556
humanhash: johnny-mobile-london-eleven
File name: Dwg.pdf 269..img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-06-04 06:04:07 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:Zx+2OSPfxV40x8bQOkgrKHxLdGKc+o0FDHdZ1gIepc2rnSw5/Hc81U:ZsCPXSKVdhjFD9z684VU
TLSH: EA457C03ED4D8613E14487BE2D668E7D3A2CB91C58015BDF717D9E5BAF312822CA721E
Reporter: abuse_ch
Tags: GuLoader img


abuse_ch
Malspam distributing GuLoader:

HELO: server.ecomotorhk.com
Sending IP: 162.144.56.225
From: DUBHECO <chloe.jeong@dubheco.com>
Reply-To: chloe.jeong@dubheco.com
Subject: DUBHECO - INQUIRY(A-20026981) LNG VENUS / MITSUBISHI HEAVY NAGASAKI 2295 (IMO:9645736) _02232
Attachment: Dwg.pdf 269..img (contains "order.exe")

GuLoader payload URL:
http://149.255.36.133/bin_PqLAqQjAza233.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Npe
Status: Malicious
First seen: 2020-06-04 03:00:09 UTC
AV detection: 14 of 31 (45.16%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: GuLoader
  img 68ee99d3541132d015ee0ac88a7b0047b8eec3f0500af6b57ce19b159fa57f6b (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
