MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7b1192226860030d38e1907eb617eed0c8d3ecf5eff7ee0bd60f110e0c5f7ee0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 7b1192226860030d38e1907eb617eed0c8d3ecf5eff7ee0bd60f110e0c5f7ee0
SHA3-384 hash: 2ab6dd8dcaa7df0a125fc059b77851f95d6b94e165beb034b3c80c841bc2bb20b7d8cc06a4f3b91e91b467ad18b478a2
SHA1 hash: 9360fc05aa5d8a28aac4aef24a46506111e9f71a
MD5 hash: 86e55df25ca9fe2ffcf91927a269c5c6
humanhash: tennis-oscar-zulu-asparagus
File name: PO-order782637728278727783.img.iso
Signature: GuLoader
File size: 163,840 bytes
First seen: 2020-06-09 11:53:56 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 1536:ce4u4c/lEiwWnSKBCTYdVen5J+GJNwK7OosYY8cnLhcQp9dOus89:ce/lBSKAToVeH++3alhcQZOus89
TLSH: 50F38DB6BAD16FA1E5440AB539B48268216BBC3102F1861F73CC6F2E2773D91F562353
Reporter: abuse_ch
Tags: geo GuLoader iso TUR


abuse_ch
Malspam distributing GuLoader:

HELO: ber-sa.com
Sending IP: 45.153.241.147
From: surat<admin@ber-sa.com>
Subject: ISTANBUL PROJECT-OFFER REQUEST
Attachment: PO-order782637728278727783.img.iso (contains "valgnederlagenes.com.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=2A23967391108A38&resid=2A23967391108A38%21106&authkey=APY1s0yVrWA_NOk

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-09 11:55:08 UTC
AV detection: 16 of 31 (51.61%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader, iso 7b1192226860030d38e1907eb617eed0c8d3ecf5eff7ee0bd60f110e0c5f7ee0 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
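The entry above records the delivery chain: an `.img.iso` e-mail attachment (MIME type `application/x-iso9660-image`) that carries a single executable, which the reporter names as `valgnederlagenes.com.exe`. A filter that only looks at the attachment's extension sees a disk image, not the `.exe` inside it, while Windows 8 and later mount such an image on a double click, so a gateway or triage script needs to look inside the image itself. The script below is an added example, not MalwareBazaar or abuse.ch code: it parses the ISO 9660 volume descriptors and directory records directly (no mounting), prefers the Joliet names the victim would see over the 8.3 names in the primary descriptor, hashes each embedded file, and flags executable extensions including doubled ones such as `x.com.exe`. It also reports the MD5/SHA1/SHA256 of the whole image, the identifiers the entry is indexed on. Everything under `build_fixture_iso` is a constructed stand-in for the real attachment: the image layout, the inner file name and the inert placeholder payload are assumptions so that the script runs offline; it assumes 2048-byte logical blocks, and all function names are this example's own.

```python
"""Walk an ISO 9660 / Joliet image without mounting it and flag executables.

Added example, not MalwareBazaar or abuse.ch code. build_fixture_iso() makes a
constructed image mimicking the reported attachment (one .exe at the root); its
"payload" is inert text, not the real sample. Assumes 2048-byte logical blocks.
"""
import hashlib
import struct

SECTOR = 2048
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
            ".vbs", ".vbe", ".wsf", ".hta", ".lnk", ".dll", ".msi", ".ps1"}
JOLIET_ESCAPES = (b"%/@", b"%/C", b"%/E")      # Joliet UCS-2 levels 1..3

def _be32(n): return struct.pack("<I", n) + struct.pack(">I", n)  # both-endian
def _be16(n): return struct.pack("<H", n) + struct.pack(">H", n)

def _dir_record(name, extent, size, is_dir):
    """One ECMA-119 directory record, padded to an even length."""
    body = (b"\x00" + _be32(extent) + _be32(size) + bytes(7)
            + bytes([2 if is_dir else 0, 0, 0]) + _be16(1) + bytes([len(name)]) + name)
    rec = bytes([len(body) + 1]) + body
    return rec + (b"\x00" if len(rec) % 2 else b"")

def _records(data, joliet):
    """Yield (name, extent, size, is_dir) for each record in a directory extent."""
    pos = 0
    while pos < len(data):
        length = data[pos]
        if length == 0:                          # zero fill: jump to next sector
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        if length < 34 or pos + length > len(data):
            break                                # truncated or crafted record
        rec = data[pos:pos + length]
        pos += length
        raw = rec[33:33 + rec[32]]
        if raw in (b"\x00", b"\x01"):            # "." and ".."
            continue
        name = raw.decode("utf-16-be" if joliet else "ascii", "replace")
        yield (name.split(";")[0], struct.unpack_from("<I", rec, 2)[0],
               struct.unpack_from("<I", rec, 10)[0], bool(rec[25] & 2))

def _descriptors(image):
    """Return (primary descriptor, Joliet descriptor or None); they start at sector 16."""
    pvd = svd = None
    for sector in range(16, len(image) // SECTOR):
        d = image[sector * SECTOR:(sector + 1) * SECTOR]
        if d[1:6] != b"CD001" or d[0] == 255:    # not a descriptor / set terminator
            break
        if d[0] == 1 and pvd is None:
            pvd = d
        elif d[0] == 2 and d[88:91] in JOLIET_ESCAPES:
            svd = d
    if pvd is None:
        raise ValueError("not an ISO 9660 image")
    return pvd, svd

def list_files(image):
    """Return sorted [(path, size, sha256)] for every regular file in the image.

    Joliet names are used when present: they are what Explorer shows the victim,
    whereas the primary descriptor only holds 8.3 names.
    """
    pvd, svd = _descriptors(image)
    desc, joliet = (svd, True) if svd is not None else (pvd, False)
    # root directory record lives at desc[156:190]; extent at +2, length at +10
    stack = [("", struct.unpack_from("<I", desc, 158)[0], struct.unpack_from("<I", desc, 166)[0])]
    seen, out = set(), []
    while stack:
        prefix, extent, size = stack.pop()
        if extent in seen:                       # crafted directory loops
            continue
        seen.add(extent)
        for name, ext, sz, is_dir in _records(image[extent * SECTOR:extent * SECTOR + size], joliet):
            if is_dir:
                stack.append((prefix + "/" + name, ext, sz))
            else:
                blob = image[ext * SECTOR:ext * SECTOR + sz]
                out.append((prefix + "/" + name, sz, hashlib.sha256(blob).hexdigest()))
    return sorted(out)

def suspicious_files(image):
    """Files whose final extension is executable; catches 'x.com.exe' and 'x.pdf.scr'."""
    return [f for f in list_files(image) if "." + f[0].rsplit(".", 1)[-1].lower() in EXEC_EXT]

def image_hashes(data):
    """The identifiers MalwareBazaar indexes an upload on."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}

def build_fixture_iso(inner_name, payload, joliet=True):
    """Constructed image: PVD with an 8.3 name plus (optionally) a Joliet SVD with the long name."""
    def descriptor(dtype, root_extent, escape=b""):
        d = bytearray(SECTOR)
        d[0], d[1:6], d[6] = dtype, b"CD001", 1
        d[80:88] = _be32(22)                     # volume space size in sectors
        d[88:88 + len(escape)] = escape          # Joliet escape sequence, if any
        d[120:128] = _be16(1) + _be16(1)         # volume set size, sequence number
        d[128:132] = _be16(SECTOR)               # logical block size
        d[156:190] = _dir_record(b"\x00", root_extent, SECTOR, True)
        return bytes(d)
    def root_dir(self_extent, name, file_extent):
        recs = (_dir_record(b"\x00", self_extent, SECTOR, True) + _dir_record(b"\x01", self_extent, SECTOR, True)
                + _dir_record(name, file_extent, len(payload), False))
        return recs.ljust(SECTOR, b"\x00")
    # sector map: 16 PVD, 17 SVD (or terminator), 18 terminator, 19 PVD root, 20 Joliet root, 21 file data
    term = descriptor(255, 19)
    image = bytearray(SECTOR * 16)               # empty system area
    image += descriptor(1, 19)
    image += descriptor(2, 20, b"%/E") if joliet else term
    image += term
    image += root_dir(19, b"PAYLOAD.EXE;1", 21)
    image += root_dir(20, (inner_name + ";1").encode("utf-16-be"), 21)
    image += payload.ljust(SECTOR, b"\x00")
    return bytes(image)

FIXTURE_PAYLOAD = b"MZ inert placeholder, constructed for this example\n"   # not a real PE
FIXTURE_ISO = build_fixture_iso("valgnederlagenes.com.exe", FIXTURE_PAYLOAD)

if __name__ == "__main__":
    import sys
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else FIXTURE_ISO
    print(image_hashes(image))
    for path, size, digest in suspicious_files(image):
        print(f"EXECUTABLE {path} ({size} bytes) sha256={digest}")
```

Run it with a path to an `.iso` attachment to get the image hashes to pivot on and the list of embedded executables; without an argument it runs against the constructed fixture. The Joliet-first rule matters for triage: the primary descriptor would show this file as `PAYLOAD.EXE`-style 8.3 names, and only the Joliet tree reveals the `.com.exe` double extension the sender relies on.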
