MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 80f1056e75336a0a1ecdd8ecc9f09a80e7772e017ef97127f6f4e053c4e4170f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 2



SHA256 hash: 80f1056e75336a0a1ecdd8ecc9f09a80e7772e017ef97127f6f4e053c4e4170f
SHA3-384 hash: 4ecb861268893bfbd9123ffb1801439b2e31eb1c5fd5f9de89d9c5935e35b1003194ff5e9b36de7b8e587ad841f0d404
SHA1 hash: 1974fd5c8bcdf219e953dd14c47140f41beb8773
MD5 hash: 2f79681a85ce0753d7e66acad08edded
humanhash: eighteen-shade-jupiter-michigan
File name: VP-XPE-S007-LT-002_SPARE PART LIST.IMG
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-26 09:16:38 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:8P0xTU5fJpqQmJ4WdT5sf74FH4y8fLDyu0IVJWUTXE65n8SkDzb0:8P0ZUlPLmJ4A474FPkJd5ODzw
TLSH: EF451823B1D44D91E91C1FB2486755A79A32FD22BA901F1B770EF71C273A1C639B432A
Reporter: abuse_ch
Tags: GuLoader, img


abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm86.hanmail.net
Sending IP: 211.231.106.161
From: 이태수 대리 <thlvkfl68@hanmail.net>
Subject: FW: [XPLE PJ] Project RFQ/ Spare parts list [예산견적]
Attachment: VP-XPE-S007-LT-002_SPARE PART LIST.IMG (contains "VP-XPE-S007-LT-002_SPARE PART LIST.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1FaIrcjvh13I-GykLsBIbuVk9NXRIJfyH

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-26 09:37:04 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 18 of 48 (37.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 80f1056e75336a0a1ecdd8ecc9f09a80e7772e017ef97127f6f4e053c4e4170f (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
