MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d13c636473174bbdbbc98895f8f05fb4ba97323c8c52b8473655f7248b353e76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: d13c636473174bbdbbc98895f8f05fb4ba97323c8c52b8473655f7248b353e76
SHA3-384 hash: e542536a8185f7845f0e43c1f97328e4d35c0dba582436080962a2dc498cc1975b89aed49e6460e8a834b600d2d057c7
SHA1 hash: 982a999569e50de4c76c5719364607072b4494a6
MD5 hash: b7adc3984903da49aa176cbea1fa88bb
humanhash: leopard-mirror-alanine-fish
File name: PAYMENT TELEX.IMG
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-28 07:04:20 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:vWL/1CrLNyvaq4Tai49YI2OqCXka/t31PoLInIkKynkmmARCft7X8j:rxA9YI2+FdoL6IcnZMfpE
TLSH: 61458312BA99AC7DC58A39F15C8958962A0A6D00BF0412EF31DCF77D73368F16C71B1A
Reporter: abuse_ch
Tags: GuLoader img


abuse_ch
Malspam distributing GuLoader:

HELO: slot0.boellhof.com
Sending IP: 45.95.169.21
From: Ms. Wong Jeong <smbwz@mail.hz.zj.cn>
Subject: FW: Emailing: Payment 28 05 2020, INVOICE 20.05.20 Baltic Processing SIA
Attachment: PAYMENT TELEX.IMG (contains "DIVISIONSCHEFERNESMA.exe")

GuLoader payload URL:
http://185.205.209.166/wext/ori-2_vQiXO168.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Geniso
Status: Malicious
First seen: 2020-05-28 07:38:05 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 13 of 31 (41.94%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    img d13c636473174bbdbbc98895f8f05fb4ba97323c8c52b8473655f7248b353e76 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment
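The attachment in this entry is an ISO 9660 image (MIME type application/x-iso9660-image) wrapping an executable, a lure that works because Windows mounts the image on double-click and presents DIVISIONSCHEFERNESMA.exe as an ordinary file, a wrapper used to get past attachment filters that block bare executables. The Python script below is an added example, not code from MalwareBazaar, abuse.ch or the GuLoader sample: it reads the primary volume descriptor and walks the root directory to list the files an image carries and flag executables by extension or MZ header, without mounting anything. The image it runs against is built inline as a constructed stand-in with made-up contents; only the file name DIVISIONSCHEFERNESMA.exe is taken from the reporter's comment, and the real sample is not reproduced. Joliet names (where mixed-case names would live) are not parsed; the primary descriptor's uppercase ';1' names are used instead.

```python
"""Triage an ISO 9660 e-mail attachment (.img/.iso) without mounting it.
Added example; the image built below is a constructed stand-in, not the sample."""
import os
import struct

SECTOR = 2048  # ISO 9660 logical block size
# Extensions Windows will execute directly from an auto-mounted image.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk", ".dll"}


def _both_endian32(value):
    """ISO 9660 stores 32-bit fields twice: little-endian then big-endian."""
    return struct.pack("<I", value) + struct.pack(">I", value)


def _dir_record(name, lba, size, is_dir=False):
    """Encode one ISO 9660 directory record (ECMA-119 section 9.1)."""
    body = (bytes([0])                                      # extended attribute length
            + _both_endian32(lba) + _both_endian32(size)
            + bytes(7)                                      # recording date, zeroed
            + bytes([0x02 if is_dir else 0x00, 0, 0])       # flags, unit size, gap
            + struct.pack("<H", 1) + struct.pack(">H", 1)   # volume sequence number
            + bytes([len(name)]) + name)
    rec_len = 1 + len(body)
    if rec_len % 2:
        rec_len += 1                                        # records are even-length
    return (bytes([rec_len]) + body).ljust(rec_len, b"\x00")


def build_iso(files):
    """Build a minimal single-directory ISO 9660 image from {name: bytes}.
    Constructed test input only; names are written in the uppercase ';1' form
    of the primary descriptor (no Joliet descriptor is emitted)."""
    root_lba, next_lba = 18, 19
    records = [_dir_record(b"\x00", root_lba, SECTOR, True),   # "."
               _dir_record(b"\x01", root_lba, SECTOR, True)]   # ".."
    payloads = []
    for name, content in files.items():
        records.append(_dir_record(name.upper().encode("ascii") + b";1", next_lba, len(content)))
        sectors = max(1, -(-len(content) // SECTOR))          # ceil(len / SECTOR)
        payloads.append(content.ljust(sectors * SECTOR, b"\x00"))
        next_lba += sectors
    pvd = bytearray(SECTOR)
    pvd[0], pvd[1:6], pvd[6] = 1, b"CD001", 1                 # primary volume descriptor
    pvd[80:88] = _both_endian32(next_lba)                      # volume space size (blocks)
    pvd[128:132] = struct.pack("<H", SECTOR) + struct.pack(">H", SECTOR)
    pvd[156:190] = _dir_record(b"\x00", root_lba, SECTOR, True)  # root directory record
    term = bytearray(SECTOR)
    term[0], term[1:6], term[6] = 255, b"CD001", 1             # descriptor set terminator
    return (bytes(16 * SECTOR) + bytes(pvd) + bytes(term)
            + b"".join(records).ljust(SECTOR, b"\x00") + b"".join(payloads))


def _walk(data, lba, size, prefix, seen):
    """Collect file entries under one directory extent, refusing to revisit an
    extent (a hostile image can point a subdirectory back at its parent)."""
    if lba in seen:
        return []
    seen.add(lba)
    entries = []
    directory = data[lba * SECTOR:lba * SECTOR + size]
    off = 0
    while off < len(directory):
        rec_len = directory[off]
        if rec_len == 0:                          # records never span sectors:
            off = (off // SECTOR + 1) * SECTOR    # a zero byte means skip ahead
            continue
        rec = directory[off:off + rec_len]
        off += rec_len
        if len(rec) < 33 or len(rec) < 33 + rec[32]:
            break                                 # truncated record, stop parsing
        name = rec[33:33 + rec[32]]
        if name in (b"\x00", b"\x01"):            # "." and ".." entries
            continue
        ident = name.decode("ascii", "replace").split(";")[0]  # drop ';1' version
        path = prefix + "/" + ident
        ext_lba = struct.unpack_from("<I", rec, 2)[0]
        ext_size = struct.unpack_from("<I", rec, 10)[0]
        if rec[25] & 0x02:                        # file flags bit 1: directory
            entries.extend(_walk(data, ext_lba, ext_size, path, seen))
        else:
            entries.append({"path": path, "size": ext_size, "lba": ext_lba})
    return entries


def list_iso_files(data):
    """Return every file in the image's primary (ISO 9660) directory tree."""
    pvd = data[16 * SECTOR:17 * SECTOR]
    if pvd[0:1] != b"\x01" or pvd[1:6] != b"CD001":
        raise ValueError("not an ISO 9660 image: no primary volume descriptor")
    root = pvd[156:190]
    return _walk(data, struct.unpack_from("<I", root, 2)[0],
                 struct.unpack_from("<I", root, 10)[0], "", set())


def find_executables(data):
    """Flag files that would run if the recipient double-clicked them in the
    mounted image: executable extension, or an MZ (PE/DOS) header regardless of name."""
    hits = []
    for entry in list_iso_files(data):
        content = data[entry["lba"] * SECTOR:entry["lba"] * SECTOR + entry["size"]]
        is_pe = content[:2] == b"MZ"
        if os.path.splitext(entry["path"])[1].lower() in EXEC_EXTS or is_pe:
            hits.append({**entry, "pe_header": is_pe})
    return hits


# Constructed stand-in for PAYMENT TELEX.IMG: a fake PE stub plus a decoy text file.
SAMPLE_PAYLOAD = b"MZ\x90\x00" + b"\x00" * 60 + b"This program cannot be run in DOS mode.\r\n"
SAMPLE_IMAGE = build_iso({"DIVISIONSCHEFERNESMA.exe": SAMPLE_PAYLOAD,
                          "README.txt": b"invoice attached"})

if __name__ == "__main__":
    for hit in find_executables(SAMPLE_IMAGE):
        print(f"{hit['path']}: {hit['size']} bytes, PE header: {hit['pe_header']}")
```

To triage a real attachment, pass the raw bytes of the .img file to find_executables(); each hit carries the extent LBA and size, so the embedded executable can be carved out with a plain slice and hashed or submitted for analysis without ever mounting the image.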
