MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8960c59105c173a34d7e6db9450ef3ce5c3edaa2f81350f170f1cfa9aff93e63. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader

Vendor detections: 3

SHA256 hash: 8960c59105c173a34d7e6db9450ef3ce5c3edaa2f81350f170f1cfa9aff93e63
SHA3-384 hash: 9df5979bd9e0cd7c628f91c811e68fadd6e7e7d7816240eece1e6b59dfccacd434503358e794165681c60ffaa5d89bae
SHA1 hash: 6e1189432469825ea2b51d2301f0f05bb2dfa099
MD5 hash: f0e83d48da1b4a65642b77a9f6720c7a
humanhash: oven-monkey-friend-vermont
File name: Quotation.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-06-09 06:31:49 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:6i9qu1aL3mNtlrHBOjrnB/twUBc6QZTHi6JssvXRZ4uFYroJLxeZaQUfCT4o:nUuRtS5FwuIZriabvh/llxeZaPi4
TLSH: 61458D07AA04C152E1504BB01CD75BF45B26BC2C1981AF9B75AC6F0FEB757922CAB32C
Reporter: abuse_ch
Tags: geo, GuLoader, img, KOR


abuse_ch
Malspam distributing GuLoader:

HELO: mail.facetohen.ml
Sending IP: 64.52.164.226
From: (주) 해성테크 <michael@facetohen.ml>
Subject: [긴급] 견적 요청의 건 _ 해성테크
Attachment: Quotation.img (contains "Quotation.exe")

GuLoader payload URL:
http://slimbosahiyke.webredirect.org//uploud/5bab0b1d864615bab0b1d864b3/Nwata_Aegxb153.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-09 06:33:06 UTC
AV detection: 17 of 31 (54.84%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as its delivery method and external references.

Malspam
  GuLoader
    img 8960c59105c173a34d7e6db9450ef3ce5c3edaa2f81350f170f1cfa9aff93e63 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments