MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 acffceba094270c1e690f7989971916db895f89262aa583351335360cdf6b1b6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: acffceba094270c1e690f7989971916db895f89262aa583351335360cdf6b1b6
SHA3-384 hash: b42740859a4544fb00076356d2fdfaf7667be3cf8fe458083a1ecc68ffad95d594492695b09023e96f6d4268026f51d8
SHA1 hash: c7f8474db81d49b4d2726a2726739033d13eb618
MD5 hash: 13c31700517d07e92d7108ad2643465a
humanhash: texas-august-two-july
File name: QUOTATION.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-21 08:16:36 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep 768:9f6ekeC9Fm0HVRwABY+JxU9olRFWmoor8knen8/mBXJ7lbdt/uv/fKkWpSCJ:9Dkxm01RwYYJ9KbH7e8/wZ7z92FgH
TLSH 2945E821F664DCB1EA2847FD2F744698212BFD348863DA0735CE761C0BF2A89E870756
Reporter: abuse_ch
Tags: GuLoader img


abuse_ch
Malspam distributing GuLoader:

HELO: qq.com
Sending IP: 59.36.132.88
From: AD <ad@rxtechvn.com>
Subject: RE: Italian || Quote and Price List Request
Attachment: QUOTATION.img (contains "Quotation.exe")

GuLoader payload URL:
http://45.132.241.148/tt/gud_oKWgE232.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-21 04:58:34 UTC
AV detection: 17 of 31 (54.84%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img acffceba094270c1e690f7989971916db895f89262aa583351335360cdf6b1b6

(this sample)

  
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments