MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7e01331f3bb057cf4c1403dea2088a6bf5be2fe914c74abfb96cce6e04e0fd25. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 7e01331f3bb057cf4c1403dea2088a6bf5be2fe914c74abfb96cce6e04e0fd25
SHA3-384 hash: 3e4f6551fc7ece3529a0691bf468e5d79ecd0e812e815790236674abd0e2b8419432a8c06581b4f02248dbac2f2d551e
SHA1 hash: 5b67eaeb03a403b20fab83f1a1c5c953efc90741
MD5 hash: 2a1ac1d8e82a07f6f94440aae1a2bae4
humanhash: equal-solar-papa-floor
File name: e-Voucher_UP7203052S.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-06-02 11:00:54 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 3072:6WElLMu507k2rT2pNeZB0b7nx0RGs7GgaD1UA2n3KH23vJwvTVIvVZT+8A:6NI7e
TLSH: C3454B53FA468482F41046704D5BD6902B75BD1F6492661FB24E3F2ABBB235310FAB2F
Reporter: abuse_ch
Tags: GuLoader img UPS


abuse_ch
Malspam distributing GuLoader:

HELO: theusp.online
Sending IP: 45.63.89.156
From: UPS Express<delivery@theusp.online>
Reply-To: delivery@theusp.online
Subject: Package delivery
Attachment: e-Voucher_UP7203052S.img (contains "e-Voucher_#UP7203052S.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1L3x9zeeZYBqVVS6qFrPHfkn6pOq3M6pB

Intelligence

File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Geniso
Status: Malicious
First seen: 2020-06-03 03:18:00 UTC
AV detection: 11 of 31 (35.48%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
  img 7e01331f3bb057cf4c1403dea2088a6bf5be2fe914c74abfb96cce6e04e0fd25 (this sample)
  Dropping: GuLoader
Delivery method: Distributed via e-mail attachment