MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a313b0ecf7eabda350bffe908dc0460b12157fe341ea4bf7ffe2a235e9c8d824. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2
SHA256 hash: a313b0ecf7eabda350bffe908dc0460b12157fe341ea4bf7ffe2a235e9c8d824
SHA3-384 hash: a73b7c29791e14e2c082d0d3bb8886d97e07b6df7ff82444c5978194485e2fc2f2fd84e0ea200be6c40db61099284e2f
SHA1 hash: 741e7f021a0ffeecb6d9bdffb7894d0295821cb1
MD5 hash: bca194adc7f0d4e5df12b218134f3b24
humanhash: violet-maine-mirror-grey
File name: 20200527.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-27 16:45:59 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:bxiGpkLpIuRIG1Zedgyohld1uavD+WPDkIECJIjbS+oArh:bxiakLp1j8b3oAd
TLSH: DB45FA0B76809C73EC248FB19972A5616D32AC35AD104F57764DB72D6B33BCA2DA031E
Reporter: abuse_ch
Tags: geo, GuLoader, img, KOR

abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm43.hanmail.net
Sending IP: 203.133.180.231
From: 이재호 <hdtreng2006@hanmail.net>
Subject: 요청자료목록 (Korean: "list of requested materials")
Attachment: 20200527.img (contains "UYPO20200527.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1_Wr9XlwvHIPpr96WNN2zSDfkf__SwqFU

Intelligence

File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Npe
Status: Malicious
First seen: 2020-05-27 11:47:18 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 23 of 48 (47.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    img a313b0ecf7eabda350bffe908dc0460b12157fe341ea4bf7ffe2a235e9c8d824 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments