MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a0d64df5d7bbbdf2f93afb81e9e3b9f64604a49bdccd21bbf2f27ac024f4be66. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 2

SHA256 hash: a0d64df5d7bbbdf2f93afb81e9e3b9f64604a49bdccd21bbf2f27ac024f4be66
SHA3-384 hash: 6f47e46af5c68f10e99a3581246c8696c2771e1c219344fd7b044f967307770669ac69b1905a11c96936f313e6a209fd
SHA1 hash: 80465aef5bcae359776acf84958716e68d1616db
MD5 hash: 0c8cc7db97af6d7bbbeeab2b1266d9d9
humanhash: victor-yankee-winner-potato
File name: TT COPY OF PAYMENT.img
Signature: GuLoader
File size: 155'648 bytes
First seen: 2020-05-26 09:14:27 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:Gp1p7x5DDyyTl8pTCwcgr63rCg01RuR5N273wACJRnrcdQTjyC1ZxP21:gayTl8pJlV1UHHAAYuTWmY
TLSH: 68E32AA296F47FB1E9B287B09D714100C8237D220836A68FB0CE751D2B77E45D5B1B6E
Reporter: abuse_ch
Tags: GuLoader img


abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm81.hanmail.net
Sending IP: 211.231.106.156
From: 김영수 <hjkimysoo@daum.net>
Subject: Fwd: Re: Re: Remittance Returned To Our Bank
Attachment: TT COPY OF PAYMENT.img (contains "T.T COPY OF PAYMENT.exe")

GuLoader payload URL:
http://ukaimc.webredirect.org/uploud/5bab0b1d864615bab0b1d864b3/bin_CdsfygT67.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-26 09:37:11 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 14 of 47 (29.79%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery chain:
  Malspam
    -> GuLoader: img a0d64df5d7bbbdf2f93afb81e9e3b9f64604a49bdccd21bbf2f27ac024f4be66 (this sample)
       -> Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments