MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b5e9d6f86e016ec136f226bc810963123ab424a428ba12d3cf4142bbebe9b547. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2



SHA256 hash: b5e9d6f86e016ec136f226bc810963123ab424a428ba12d3cf4142bbebe9b547
SHA3-384 hash: a15c0de64ab16678cab464f0f4bd2d79d25f8a060a3e7e2b71c3056b893842cdb92302a28cc0cc2954b3cce0dfaaf163
SHA1 hash: 1134ffbbea33676875c101dc24da321286546f2e
MD5 hash: 81ffbbaf0abf438ea867c220ffd1c19d
humanhash: potato-oregon-high-may
File name: Drawing_RFQ_V40795.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-27 17:28:30 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:nkqfD+zyGtzH1wifFI45VXDXOKiGE2z4QJ32afuYdf19MnTJgCJPjJdawreAX:XD+mGVH13fb59OpGE2z4o3DF8n6CJG+
TLSH: 7745E923BAE09CB1E8608FB20D7186991D36FD6D6B200B17754CBB5D3F361CB199076A
Reporter: abuse_ch
Tags: GuLoader, img


abuse_ch
Malspam distributing GuLoader:

HELO: fran.com
Sending IP: 83.166.245.173
From: RINNO\ <RINNO <andy8645@naver.com>
Reply-To: andy8645@naver.com
Subject: Request for Quotation - V-40795
Attachment: Drawing_RFQ_V40795.img (contains "order.exe")

GuLoader payload URL:
http://185.94.191.88/bin_qNQJqzF250.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-27 17:37:04 UTC
AV detection: 21 of 48 (43.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    img b5e9d6f86e016ec136f226bc810963123ab424a428ba12d3cf4142bbebe9b547 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment
