MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a62e23c603e078dedc7fa838a50e51055797bc48a255813ed7195ef0cab1923. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 2



SHA256 hash: 8a62e23c603e078dedc7fa838a50e51055797bc48a255813ed7195ef0cab1923
SHA3-384 hash: e0b25181f2b70e557134d1a8a6cb5c2a300adcc514deffabe88b2f678a86a668ab8a53561c247eca5b5e60f2558e8017
SHA1 hash: a8ccaa98a599c139757d818ef2508fbdab755f5d
MD5 hash: 82b81541d313a8afdaa8ca84527930e2
humanhash: twelve-london-lemon-lithium
File name: New-PO-0576879-Rev-Order-Sample-Quotation.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-27 12:59:33 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:zncLzrQHkZcDl2JDywilf1yXl0AFgB1O1Qx/A+phEpTfpfkFVIeNSDbaJZbI0OAH:k49k2j10l0xPWQvIpfkweNS/QI0O8
TLSH: 4245E91BBA90ACB2D8718B731875D5A15D36BC3969010F17730DB71D1BB76CB2EA032A
Reporter: abuse_ch
Tags: geo GuLoader img KOR


abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm48.hanmail.net
Sending IP: 203.133.180.236
From: 이철승 <go7604@hanmail.net>
Subject: New-PO-0576879-Rev-Order-Sample-Quotation
Attachment: New-PO-0576879-Rev-Order-Sample-Quotation.img (contains "New-PO-0576879-Rev-Order-Sample-Quotation.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1B8swPxlgM2e5GdJBu4cY5UJU9mrQbmTv

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-27 13:36:09 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 14 of 30 (46.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 8a62e23c603e078dedc7fa838a50e51055797bc48a255813ed7195ef0cab1923

(this sample)

  
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
