MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b59e686aeccb31bc246a4fc4d58d4ff8513902cae3205b0685c4def4b92aa988. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: b59e686aeccb31bc246a4fc4d58d4ff8513902cae3205b0685c4def4b92aa988
SHA3-384 hash: 727573d2dabe6c16147c694e8deee904e9f072bd8e038cb1caec4aab53a7e870ce562a0ea2375e27a1cbea6c91f73726
SHA1 hash: 25ad821257d1d42a2dc046b03c877af59198de97
MD5 hash: 54ff06abeae820e0e33ed1cc824f5fab
humanhash: march-colorado-emma-tango
File name: Rev-PO-068789MT100_65657_Sample-Order-Specifications.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-28 07:20:21 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:wurMfd7Q1ejIQqpjv0tWxVTLnBpSwIT0L+C/YykTUDbjpgOvVXlnNDYMPa5mgHB:w3d7Q1oqpvvvTtLITbgDGOVLi
TLSH: 98453B22B76ADCA1E9C504B0D8D2D5F50561BC24C902CA2B76C87F2E77770C26D9E73A
Reporter: abuse_ch
Tags: geo GuLoader img KOR


abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm80.hanmail.net
Sending IP: 211.231.106.155
From: 김광식 <kwang3308@hanmail.net>
Subject: RORZE: Request For Quotation-Sample-Order-Specifications
Attachment: Rev-PO-068789MT100_65657_Sample-Order-Specifications.img (contains "Rev-PO-068789MT100_65657_Sample-Order-Specifications.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1mllEh9vMrJcFFK_KrrrzrL8m7MexP2dR

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Geniso
Status: Malicious
First seen: 2020-05-28 07:37:59 UTC
AV detection: 17 of 31 (54.84%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    img b59e686aeccb31bc246a4fc4d58d4ff8513902cae3205b0685c4def4b92aa988 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments