MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bdb3597de8337b9efeb0b6f8bf3b6161ba75aa1656b3e460fd6fac25a98af09a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 2

SHA256 hash: bdb3597de8337b9efeb0b6f8bf3b6161ba75aa1656b3e460fd6fac25a98af09a
SHA3-384 hash: 2cbe9b1022e810be8ef037986c760da0b3f621889edd62e8d08c2b3b31799ea9e2d5a26b1297525e94c59af90afd9470
SHA1 hash: aade31eb600b6b3114bbe2271cd97281eac3f23f
MD5 hash: 69beb9daeaa85005ec94ea1f18da5883
humanhash: berlin-mars-batman-gee
File name: INVOICE.IMG
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-26 07:21:05 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:Ko+ZBuCPpCidtUVwrySB3FBOiSXj0JhIlX3jqA+nh+ez/IKASOwbDW:vMRBCkUwZ3n7SzweqLI1wbDW
TLSH: 664509E1F2F0107BD2B3EE708E7681E801BB7D3C360994173A5C798A0B7D949D56962B
Reporter: abuse_ch
Tags: GuLoader img


Reporter comment (abuse_ch):
Malspam distributing GuLoader:

HELO: vm9win2.securesurfs.co
Sending IP: 162.213.42.222
From: Exports Suppliers <support@goldfx.co>
Reply-To: support@goldfx.co
Subject: Re: Invoice
Attachment: INVOICE.IMG (contains "RFQ.exe")

GuLoader payload URL:
http://37.72.175.206/bin_tsIZxkjw175.bin
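The delivery trick in this sample is the container, not the loader: the attachment is an ISO 9660 disk image named INVOICE.IMG (MalwareBazaar reports the MIME type as application/x-iso9660-image) that carries an executable, RFQ.exe, which many mail filters never see because they do not open disk images. The following is an added example, not code from MalwareBazaar or from the reporter: a minimal ISO 9660 reader that checks the "CD001" primary volume descriptor at sector 16, walks the root directory records, and flags executable file names. The image it parses is constructed in memory by the script (root directory at sector 18, a fake "RFQ.EXE" at sector 19, an innocuous "README.TXT") and is not the real sample; the list of flagged extensions is an assumption.

```python
import struct

SECTOR = 2048          # ISO 9660 logical sector size
PVD_SECTOR = 16        # primary volume descriptor lives at sector 16 (byte 32768)
# Assumed list of extensions worth flagging inside a mail attachment image.
EXEC_EXTENSIONS = {"EXE", "SCR", "COM", "PIF", "BAT", "CMD", "VBS", "JS", "LNK", "DLL", "HTA"}


def _both32(v):
    # ISO 9660 stores 32-bit integers little-endian followed by big-endian
    return struct.pack("<I", v) + struct.pack(">I", v)


def _both16(v):
    return struct.pack("<H", v) + struct.pack(">H", v)


def _dir_record(name, lba, size, is_dir):
    # Build one directory record (ECMA-119 section 9.1); used only to construct the test image.
    ident = name.encode("ascii")
    body = (b"\x00"                               # extended attribute record length
            + _both32(lba) + _both32(size)        # extent location, data length
            + bytes(7)                            # recording date/time (zeroed here)
            + bytes([0x02 if is_dir else 0x00])   # file flags: bit 1 = directory
            + b"\x00\x00"                         # file unit size, interleave gap
            + _both16(1)                          # volume sequence number
            + bytes([len(ident)]) + ident)
    rec = bytearray(b"\x00" + body)
    if len(rec) % 2:                              # records are padded to even length
        rec += b"\x00"
    rec[0] = len(rec)                             # byte 0: total record length incl. padding
    return bytes(rec)


def build_sample_image():
    # Constructed stand-in for INVOICE.IMG: sectors 0-15 system area, 16 PVD,
    # 17 terminator, 18 root directory, 19 file data. Not the real malware.
    root_lba, file_lba = 18, 19
    payload = b"MZ" + b"\x90" * 62                # fake PE header, enough to look like an .exe
    root = (_dir_record("\x00", root_lba, SECTOR, True)      # "." entry
            + _dir_record("\x01", root_lba, SECTOR, True)    # ".." entry
            + _dir_record("RFQ.EXE;1", file_lba, len(payload), False)
            + _dir_record("README.TXT;1", file_lba, 5, False))
    pvd = bytearray(SECTOR)
    pvd[0] = 1                                    # descriptor type 1 = primary
    pvd[1:6] = b"CD001"                           # standard identifier
    pvd[6] = 1                                    # descriptor version
    pvd[40:72] = b"INVOICE".ljust(32)             # volume identifier
    pvd[156:190] = _dir_record("\x00", root_lba, SECTOR, True)  # root directory record
    term = bytearray(SECTOR)
    term[0], term[1:6], term[6] = 255, b"CD001", 1
    return bytes(bytearray(SECTOR * 16) + pvd + term
                 + root.ljust(SECTOR, b"\x00") + payload.ljust(SECTOR, b"\x00"))


def is_iso9660(data):
    # Content check independent of the file extension: type 1 descriptor with "CD001" at sector 16.
    off = PVD_SECTOR * SECTOR
    return len(data) > off + 7 and data[off] == 1 and data[off + 1:off + 6] == b"CD001"


def _parse_record(data, off):
    length = data[off]
    if length == 0:
        return None
    lba = struct.unpack_from("<I", data, off + 2)[0]
    size = struct.unpack_from("<I", data, off + 10)[0]
    flags = data[off + 25]
    name_len = data[off + 32]
    return length, lba, size, flags, data[off + 33:off + 33 + name_len]


def list_root(data):
    # Walk the root directory extent named in the PVD and return its entries.
    _, root_lba, root_size, _, _ = _parse_record(data, PVD_SECTOR * SECTOR + 156)
    off, end, entries = root_lba * SECTOR, root_lba * SECTOR + root_size, []
    while off < end:
        rec = _parse_record(data, off)
        if rec is None:                           # zero padding: records never span sectors
            off = (off // SECTOR + 1) * SECTOR
            continue
        length, lba, size, flags, name = rec
        off += length
        if name in (b"\x00", b"\x01"):            # skip "." and ".."
            continue
        clean = name.decode("ascii", "replace").split(";")[0]   # drop ";1" version suffix
        entries.append({"name": clean, "lba": lba, "size": size, "is_dir": bool(flags & 2)})
    return entries


def suspicious_entries(entries):
    return [e for e in entries
            if not e["is_dir"] and e["name"].rsplit(".", 1)[-1].upper() in EXEC_EXTENSIONS]


def extract(data, entry):
    start = entry["lba"] * SECTOR
    return data[start:start + entry["size"]]


if __name__ == "__main__":
    img = build_sample_image()
    print("ISO 9660:", is_iso9660(img))
    for e in suspicious_entries(list_root(img)):
        print("executable inside image:", e["name"], e["size"], "bytes, MZ:", extract(img, e)[:2] == b"MZ")
```

Run against a real attachment, `is_iso9660(open(path, "rb").read())` decides by content rather than by the .IMG or .ISO extension, which matters because Windows mounts a double-clicked image as a drive and presents the inner executable directly; a gateway rule that blocks or detonates any image whose root directory contains a flagged extension catches this delivery pattern regardless of the attachment name. Joliet and Rock Ridge extensions are not parsed here, so long or non-ASCII names appear in their ISO 9660 short form.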

Intelligence

File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-26 02:45:10 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 15 of 48 (31.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: GuLoader
  img bdb3597de8337b9efeb0b6f8bf3b6161ba75aa1656b3e460fd6fac25a98af09a (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment