MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b30044e40a5e904f454564d7cb9667e8c48858a48e60d6f5189339d82228d5a8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 3



SHA256 hash: b30044e40a5e904f454564d7cb9667e8c48858a48e60d6f5189339d82228d5a8
SHA3-384 hash: dbcf23523c770a28d0721781af548ff344b5964976ad6f1c51d8a625d51edb5edc3b891fc04433b17ab0a1d93a8c9bf2
SHA1 hash: 56c4bc79168843fe566080bcb74e9070d72ae403
MD5 hash: 64ec0658d547ba81519646ae7084b4a7
humanhash: neptune-idaho-louisiana-butter
File name: Quote.iso
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-06-04 05:58:02 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 1536:tASPfxV40ZVXNHzVR77kgrKHxLdGKc+o0FDHdZ1gInZjrB+00gSmRbQ+:rPXT9HXKVdhjFD9zj2+R
TLSH: 70456C13ED4D8693D1444BBD2D578E793A1CB91D09001BEF713DAE9EAF712822C9B21E
Reporter: abuse_ch
Tags: geo, GuLoader, iso, KOR


abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm44.hanmail.net
Sending IP: 203.133.180.232
From: 조석현 <sukhyun94-75@hanmail.net>
Subject: [긴급] 견적 요청의 건 _ 해성테크 (translation: "[Urgent] Request for quotation _ Haesung Tech")
Attachment: Quote.iso (contains "Quote.exe")

GuLoader payload URL:
http://bosar1759.webredirect.org/uploud/5bab0b1d864615bab0b1d864b3/NWATA_oJCLitM62.bin
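
The attachment reported above is an ISO image wrapping an executable, a container a mail gateway cannot judge by extension alone. The Python below is an added example, not code from MalwareBazaar or from abuse_ch: it reads the ISO 9660 primary volume descriptor and directory records directly from the bytes (no mounting, so the attacker-controlled filesystem never touches a kernel driver or an autorun handler), lists every file, and flags any whose content starts with the PE `MZ` magic or whose name carries an executable extension. The image it inspects is a constructed stand-in built by `build_iso`, not the real Quote.iso; all function names are hypothetical.

```python
"""Triage an ISO 9660 attachment for embedded executables without mounting it."""
import struct

SECTOR = 2048          # ISO 9660 logical block size
PVD_LBA = 16           # the primary volume descriptor is always at sector 16
FLAG_DIRECTORY = 0x02  # bit 1 of the directory-record file-flags byte


def _dir_record(lba, size, flags, ident):
    """Encode one ISO 9660 directory record (ECMA-119 9.1); used only by the fixture."""
    body = bytearray(b"\x00")                                  # extended attribute length
    body += struct.pack("<I", lba) + struct.pack(">I", lba)    # extent LBA, both-endian
    body += struct.pack("<I", size) + struct.pack(">I", size)  # data length, both-endian
    body += bytes(7)                                           # recording timestamp (unused)
    body += bytes([flags, 0, 0])                               # file flags, unit size, gap
    body += struct.pack("<H", 1) + struct.pack(">H", 1)        # volume sequence number
    body += bytes([len(ident)]) + ident                        # identifier length + name
    if len(ident) % 2 == 0:
        body += b"\x00"                                        # keep the record length even
    return bytes([len(body) + 1]) + bytes(body)                # prefix with LEN_DR


def build_iso(files):
    """Constructed fixture: a minimal ISO whose root directory holds `files`."""
    root_lba = PVD_LBA + 2                      # PVD, set terminator, then root directory
    root = bytearray()
    root += _dir_record(root_lba, SECTOR, FLAG_DIRECTORY, b"\x00")   # "."
    root += _dir_record(root_lba, SECTOR, FLAG_DIRECTORY, b"\x01")   # ".."
    payload, next_lba = bytearray(), root_lba + 1
    for name, data in files.items():
        root += _dir_record(next_lba, len(data), 0, name)
        padded = data + bytes(-len(data) % SECTOR)              # files start on a sector boundary
        payload += padded
        next_lba += len(padded) // SECTOR
    assert len(root) <= SECTOR, "fixture supports a one-sector root directory only"
    root += bytes(SECTOR - len(root))
    pvd = bytearray(SECTOR)
    pvd[0], pvd[1:6], pvd[6] = 1, b"CD001", 1                   # type 1, magic, version
    pvd[40:72] = b"QUOTE".ljust(32)                             # volume identifier
    pvd[156:190] = _dir_record(root_lba, SECTOR, FLAG_DIRECTORY, b"\x00")  # root record
    term = bytearray(SECTOR)
    term[0], term[1:6], term[6] = 255, b"CD001", 1              # descriptor set terminator
    return bytes(PVD_LBA * SECTOR) + bytes(pvd) + bytes(term) + bytes(root) + bytes(payload)


def _read_record(buf, off):
    """Decode the directory-record fields the walker needs."""
    length = buf[off]
    lba = struct.unpack_from("<I", buf, off + 2)[0]
    size = struct.unpack_from("<I", buf, off + 10)[0]
    flags = buf[off + 25]
    id_len = buf[off + 32]
    ident = bytes(buf[off + 33:off + 33 + id_len])
    return length, lba, size, flags, ident


def _walk(image, lba, size, prefix, out):
    """Recurse through one directory extent, appending file entries to `out`."""
    data = image[lba * SECTOR:lba * SECTOR + size]
    off = 0
    while off < len(data):
        if data[off] == 0:                          # zero-filled tail of a sector
            off = (off // SECTOR + 1) * SECTOR
            continue
        length, e_lba, e_size, flags, ident = _read_record(data, off)
        off += length
        if ident in (b"\x00", b"\x01"):             # "." and ".." entries
            continue
        name = ident.decode("ascii", "replace").split(";")[0]   # drop the ";1" version suffix
        path = prefix + "/" + name
        if flags & FLAG_DIRECTORY:
            _walk(image, e_lba, e_size, path, out)
        else:
            head = image[e_lba * SECTOR:e_lba * SECTOR + 2]     # first two bytes of the file
            out.append({"path": path, "size": e_size, "is_pe": head == b"MZ"})


def list_iso(image):
    """Return every file in the image as {path, size, is_pe}, or raise if not ISO 9660."""
    pvd = image[PVD_LBA * SECTOR:(PVD_LBA + 1) * SECTOR]
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("not an ISO 9660 image: no primary volume descriptor")
    _, root_lba, root_size, _, _ = _read_record(pvd, 156)
    out = []
    _walk(image, root_lba, root_size, "", out)
    return out


def executables_in_iso(image):
    """Paths that are PE files by magic, or executable by extension even if not PE."""
    exts = (".exe", ".dll", ".scr", ".com", ".pif")
    return [e["path"] for e in list_iso(image)
            if e["is_pe"] or e["path"].lower().endswith(exts)]


# Constructed fixture standing in for Quote.iso: a PE stub plus a harmless text file.
SAMPLE_ISO = build_iso({
    b"QUOTE.EXE;1": b"MZ" + b"\x90" * 100,      # an MZ header is all the check needs
    b"README.TXT;1": b"not an executable\n",
})

if __name__ == "__main__":
    for entry in list_iso(SAMPLE_ISO):
        print(entry)
    print("executables:", executables_in_iso(SAMPLE_ISO))
```

Two caveats for real attachments. The walker reads only the primary volume descriptor, so names come out as the uppercase 8.3 identifiers; a sample with a Joliet supplementary descriptor will carry long names there instead, but the `MZ` check is on content and is unaffected by naming. And the `MZ` test is a triage signal, not a verdict: a loader can ship its second stage as a non-PE blob (the `.bin` payload URL above is a case in point), so anything an ISO drops still belongs in a sandbox.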

Intelligence


File Origin
# of uploads: 1
# of downloads: 55
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-06-04 00:19:16 UTC
AV detection: 13 of 31 (41.94%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    iso b30044e40a5e904f454564d7cb9667e8c48858a48e60d6f5189339d82228d5a8 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment
