MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb27a7872b661f94c0a1ffb825700131c93d3abb1b55d62a4550f392f28b3fba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: bb27a7872b661f94c0a1ffb825700131c93d3abb1b55d62a4550f392f28b3fba
SHA3-384 hash: b70a59c5aa8b9ee4eb253f94ec2c9d85451b01d3b8d3d954fb2734e5094ccee470d6cc4d53fb86a9c2b882265df22c74
SHA1 hash: 19df69c46cf687db7084e40b4e44436b114c6e83
MD5 hash: 5e936a85e4808ede89cc9f10d3782d12
humanhash: lion-fifteen-sink-mexico
File name: i_Remittance.iso
Signature: GuLoader
File size: 122'880 bytes
First seen: 2020-12-03 17:41:31 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 384:0pBYlbXDIEvUNEqbBKV6HDlSAxrZ7haSeVnFEEfJkbCmCTQgogpkgQwX/P:0fOzLYBMVqz74Z1FQ+mNd5U
TLSH: E8C3E903F6438866E4C345B35F72576841933D65AE726903B8AC7649FB339C0B86DB1B
Reporter: abuse_ch
Tags: GuLoader iso


abuse_ch
Malspam distributing GuLoader:

HELO: server.jayaproperty.com
Sending IP: 119.235.255.130
From: Vale <sales@horeco.com>
Subject: Payment Remittance Advice.
Attachment: i_Remittance.iso (contains "i_Remittance.exe")

GuLoader payload URL:
https://mindforcehypnosis.com/fas/decemberomo_FkoIc77.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 328
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

iso bb27a7872b661f94c0a1ffb825700131c93d3abb1b55d62a4550f392f28b3fba

(this sample)

  
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
