MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a404466ac6fdc46c58f66008d85bc33495806aa2c990ba103240306c718fad06. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: a404466ac6fdc46c58f66008d85bc33495806aa2c990ba103240306c718fad06
SHA3-384 hash: d49e15684ecf85aacae301038e181f32b5b768b41cc37a8e8c2ef54946e8fff47c54a322fcff2c81c874e57fc3dc825f
SHA1 hash: 509b6e1cd3837fab610b13f112dfc9a34884d773
MD5 hash: 376606f71ffbe838f8103b81dcf2f0f1
humanhash: carbon-potato-cup-lithium
File name: VALEO GMBH RFQ 20GP - 0529SSVALGM.IMG
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-21 08:40:05 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:RzVu86iOxYbskRzFCyC5irUVSRW8ZPCxi:0xY4GhdC5oUVS88ZPCxi
TLSH: 7C453B369664BEB6E57243F15C7152249123BDA301720B1BB6CD7E1C0F37B8AE96032B
Reporter: abuse_ch
Tags: GuLoader img


abuse_ch
Malspam distributing GuLoader:

HELO: poc.pulapint.nl
Sending IP: 134.209.241.96
From: RR Brothers & Logistics <cs3@rrbrothers.cn>
Reply-To: cs3@rrbrothers.cn
Subject: 1st Quarter payment by RRBL released on 18/5/20
Attachment: VALEO GMBH RFQ 20GP - 0529SSVALGM.IMG (contains "VALEO GMBH RFQ 20GP - 0529SSVALGM.exe")

GuLoader payload URL:
http://iloims.webredirect.org/uploud/5bab0b1d864615bab0b1d864b3/bin_KzCRv103.bin
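The attachment reported above is an ISO 9660 image (MIME type application/x-iso9660-image) that carries an .exe, a common way to get an executable past attachment filters and Mark-of-the-Web. The Python below is an added example for this page, not code from MalwareBazaar or abuse.ch: it parses the primary volume descriptor and root directory of an .IMG file without mounting it, lists the contained files, and flags anything executable by extension or by the PE "MZ" magic. The image it inspects is built in memory by `build_sample_iso` (constructed test data with the made-up names `RFQ.EXE` and `README.TXT`, not the real sample), so it runs offline; to check a real attachment, pass its bytes to `find_executables` instead.

```python
import os
import struct

SECTOR = 2048  # ISO 9660 logical block size used by the constructed image
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}


def _both16(n):
    # ISO 9660 stores integers "both-endian": little-endian then big-endian
    return struct.pack("<H", n) + struct.pack(">H", n)


def _both32(n):
    return struct.pack("<I", n) + struct.pack(">I", n)


def _dir_record(ident, extent, size, is_dir):
    # One directory record (ECMA-119 9.1): length, ext-attr length, extent LBA,
    # data length, 7-byte date, flags, unit size, gap, volume sequence number, identifier.
    body = (bytes([0]) + _both32(extent) + _both32(size) + bytes(7)
            + bytes([0x02 if is_dir else 0x00, 0, 0]) + _both16(1)
            + bytes([len(ident)]) + ident)
    if len(body) % 2 == 0:          # records are padded to an even total length
        body += b"\x00"
    return bytes([len(body) + 1]) + body


def build_sample_iso():
    # Constructed stand-in for an .IMG mail attachment: one .exe and one .txt in the root.
    payload = b"MZ" + b"\x90" * 126      # fake PE; only the MZ magic matters here
    readme = b"constructed non-executable content"
    pvd = bytearray(SECTOR)
    pvd[0] = 1                           # type 1 = primary volume descriptor
    pvd[1:6] = b"CD001"
    pvd[6] = 1
    pvd[40:72] = b"RFQ".ljust(32)        # volume identifier
    pvd[128:132] = _both16(SECTOR)       # logical block size
    pvd[156:190] = _dir_record(b"\x00", 18, SECTOR, True)  # root directory record
    term = bytearray(SECTOR)
    term[0] = 255                        # volume descriptor set terminator
    term[1:6] = b"CD001"
    term[6] = 1
    rootdir = bytearray(SECTOR)
    recs = (_dir_record(b"\x00", 18, SECTOR, True)         # "."
            + _dir_record(b"\x01", 18, SECTOR, True)       # ".."
            + _dir_record(b"README.TXT;1", 20, len(readme), False)
            + _dir_record(b"RFQ.EXE;1", 19, len(payload), False))
    rootdir[:len(recs)] = recs
    # sectors 0-15 system area, 16 PVD, 17 terminator, 18 root dir, 19 exe, 20 txt
    return (bytes(16 * SECTOR) + bytes(pvd) + bytes(term) + bytes(rootdir)
            + payload.ljust(SECTOR, b"\x00") + readme.ljust(SECTOR, b"\x00"))


def _walk(img, block, extent, size, prefix, out):
    data = img[extent * block: extent * block + size]
    off = 0
    while off < len(data):
        reclen = data[off]
        if reclen == 0:
            # records never span sectors: a zero length byte is padding to the next sector
            off = (off // block + 1) * block
            continue
        rec = data[off:off + reclen]
        off += reclen
        child_extent = struct.unpack_from("<I", rec, 2)[0]
        child_size = struct.unpack_from("<I", rec, 10)[0]
        flags = rec[25]
        ident = rec[33:33 + rec[32]]
        if ident in (b"\x00", b"\x01"):      # "." and ".." entries
            continue
        name = ident.decode("ascii", "replace").split(";")[0]  # drop the ";1" version suffix
        path = prefix + "/" + name
        if flags & 0x02:                     # subdirectory: recurse into its extent
            _walk(img, block, child_extent, child_size, path, out)
        else:
            start = child_extent * block
            out.append((path, child_size, img[start:start + child_size]))


def list_iso_files(img):
    """Return [(path, size, content)] for every file in the image, without mounting it."""
    pvd = img[16 * SECTOR: 17 * SECTOR]
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("not an ISO 9660 image (no primary volume descriptor)")
    block = struct.unpack_from("<H", pvd, 128)[0]
    root_extent = struct.unpack_from("<I", pvd, 156 + 2)[0]
    root_size = struct.unpack_from("<I", pvd, 156 + 10)[0]
    out = []
    _walk(img, block, root_extent, root_size, "", out)
    return out


def find_executables(img):
    """Paths of contained files that look executable by extension or by PE 'MZ' magic."""
    hits = []
    for path, _size, content in list_iso_files(img):
        ext = os.path.splitext(path)[1].lower()
        if ext in EXEC_EXTENSIONS or content[:2] == b"MZ":
            hits.append(path)
    return hits


if __name__ == "__main__":
    image = build_sample_iso()
    for path, size, _ in list_iso_files(image):
        print(f"{size:>10}  {path}")
    print("executables:", find_executables(image))
```

Two caveats for real attachments: the parser reads only the primary volume descriptor, so an image that also carries a Joliet supplementary descriptor will show its files under the 8.3 names rather than the long UCS-2 names (the Windows shell displays the Joliet names, as in the "VALEO GMBH RFQ 20GP - 0529SSVALGM.exe" quoted above), and the MZ check catches renamed executables that an extension list would miss. A quick plausibility check on the listed sample is that its size, 1'245'184 bytes, is exactly 608 sectors of 2048 bytes, as an ISO image would be.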

Intelligence

File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Geniso
Status: Malicious
First seen: 2020-05-21 03:04:34 UTC
AV detection: 13 of 30 (43.33%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The entries below give additional information about this malware sample, such as delivery method and external references.

Malspam: GuLoader
  img a404466ac6fdc46c58f66008d85bc33495806aa2c990ba103240306c718fad06 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments