MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d0388c7a1091cf2d06162f05e5709efe938d8fa0abdacd1493cbac77163b0229. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 2


SHA256 hash: d0388c7a1091cf2d06162f05e5709efe938d8fa0abdacd1493cbac77163b0229
SHA3-384 hash: 54b9caa290848e66a47475b45504bdcf840d52cdc562e9dd24c7601cc2a875105958e1cd9c9fb77ab575d426093dd11f
SHA1 hash: c216b5636e1f813614d4e0e639efd1f88c346591
MD5 hash: cbf608d9ffe4c78fafa3c0926207b865
humanhash: louisiana-south-network-maryland
File name: file.IMG
Signature: GuLoader
File size: 1,245,184 bytes
First seen: 2020-05-25 13:21:58 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:Pqtl9n6qN2j2hfOVnkAq50AoriCk7n92Bvv4:PqX9n6qlJOlkheAoBkBb
TLSH: 7345D5137AE9FCA1E9164EB249D2ADA40D35BC202C505E4B721EBB1D1B3B5902FB1736
Reporter: abuse_ch
Tags: geo, GuLoader, img, KOR


Comment by abuse_ch:
Malspam distributing GuLoader:

HELO: mail-smail-vm32.hanmail.net
Sending IP: 203.133.180.216
From: Charles Kim(김현철) <t2963@daum.net>
Subject: 견적요청서 송부의건
Attachment: file.IMG (contains "file.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1K4-CGVEYzdkwxrvRrCnPp6QMsL8Vb8-m

Intelligence

File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Geniso
Status: Malicious
First seen: 2020-05-25 13:37:05 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 17 of 48 (35.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery chain:
  Malspam
  -> GuLoader
  -> img d0388c7a1091cf2d06162f05e5709efe938d8fa0abdacd1493cbac77163b0229 (this sample)
  -> Dropping: GuLoader

Delivery method: Distributed via e-mail attachment