MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c28def748a1e39be324dbf33e07e303356db9aaf42636be254abaeff225ff6ae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 3

SHA256 hash: c28def748a1e39be324dbf33e07e303356db9aaf42636be254abaeff225ff6ae
SHA3-384 hash: c2fed9fae244777848dbe6863e3889a1ed442c989c7f024572d3e38071e88d73f0bb7e3b59dbe59ad94061190a9f67f7
SHA1 hash: 72d48bb6c02faa55c9d0d6b310c7da24edd3345f
MD5 hash: c69942c45b854496022c3154cae7d0ab
humanhash: sink-jupiter-bacon-minnesota
File name: Order Image spec.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-04-30 11:19:33 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:7OGN0vnK8vYvSSyYNbVy9J8RRVgr+ceWdK/q0tGQ471ozhQ5oyb+DSPGoumDGpYc:7Z+K8fIbVywjgr+0dpbQ47kQSybso
TLSH: 33458C9BB14AF213D6465830687393512D23FDA98AD94423FDACF3684FF2B5024F6E19
Reporter: abuse_ch
Tags: GuLoader, img


abuse_ch
Malspam distributing GuLoader:

HELO: raysen.com.cn
Sending IP: 216.244.74.66
From: sales@raysen.com.cn
Subject: Re:Orders With Image Specifications
Attachment: Order Image spec.img (contains "BANK_COP.EXE")

Intelligence

File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-04-30 06:39:11 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 16 of 31 (51.61%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    img c28def748a1e39be324dbf33e07e303356db9aaf42636be254abaeff225ff6ae (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments