MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9f3cad766bb0f6eb204774ca2e2a73e211cd2ce6a3c4d5f20de892c98c553358. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 3

SHA256 hash: 9f3cad766bb0f6eb204774ca2e2a73e211cd2ce6a3c4d5f20de892c98c553358
SHA3-384 hash: efa7c7fa6c31c285d717047fcb96fdaf8376187f752a73859b783a28a24672b60ce06ebab71c4e93b47e3d19a2349cda
SHA1 hash: 69fa82ffa85ed4ebded58f24e2542ff735dbebec
MD5 hash: 50667981b80db801347f243b0c6e084b
humanhash: sad-four-green-aspen
File name: file.xls.iso
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-06-03 13:10:29 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 1536:ituSPfxV408bwznjla5TckgrKHxLdGKc+o0FDHdZ1gIjZ2VsyeKkCeYAiQSq:+HPX8bwzjiqKVdhjFD9zPEUiG
TLSH: 95457B07ED4E9A13D10487BD2D578E793A1CA91E09005FEF717DAE9BAF322422CA711D
Reporter: abuse_ch
Tags: geo, GuLoader, iso, KOR


Comment by abuse_ch:
Malspam distributing GuLoader:

HELO: mail-smail-vm51.hanmail.net
Sending IP: 203.133.180.239
From: 박유신 <parkyuhshin@hanmail.net>
Subject: 첨부도면 견적요청 드립니다.(한석이엔지 입니다.
Attachment: file.xls.iso (contains "WJ2_quote.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1QlyfqBw80FfX4nndjdakVUAjsDuF7dFE

Intelligence

File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-06-03 13:37:51 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 12 of 31 (38.71%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader iso 9f3cad766bb0f6eb204774ca2e2a73e211cd2ce6a3c4d5f20de892c98c553358 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment