MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d23608b336c00aa83a96d785c830d71d84cc42b296f9ca50852bf520c0fdf6bb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: d23608b336c00aa83a96d785c830d71d84cc42b296f9ca50852bf520c0fdf6bb
SHA3-384 hash: 7012c7ffd07bb6adc383498cce89aade6fbb3764bfee9fa1635f5b229332dba0abf8b5027d9e15fce0c0b8ad9a076fd4
SHA1 hash: 5d010a172bf8ee70d923582866df3552adafe646
MD5 hash: 03a36cb791eb16b73ee3e539ae881706
humanhash: asparagus-social-fourteen-asparagus
File name: RFQ For Hyosung Vina Chemicals PP4 Project, VIETNAM_pdf.gz
Signature: GuLoader
File size: 45'739 bytes
First seen: 2020-06-08 12:05:21 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:98NrX6g0yMirFL56vt/j+73BwQUcd2yNZqpoi/EqIOfYJPydJ7VIuZNY8/18c:E6PyFVOt/MSQNYyqv/E5PWeuZNYkWc
TLSH: 742302AEBDB1224B6328A3CD5AE7B480192478F939D3539C374557714F8E4B02DBA0A7
Reporter: abuse_ch
Tags: GuLoader gz


abuse_ch
Malspam distributing GuLoader:

HELO: mail.einihutintl.gq
Sending IP: 94.100.28.210
From: Mr. Kyoung-Ju, Lee <kar@hec.co.kr>
Subject: HEC [Hyosung Vina Chemicals PP4 Project, VIETNAM ] RFQ for DQRE-MR-MR-005 Vietnam DQRE-MR-MR-005 PRODUCTS AND EQUIPMENT
Attachment: RFQ For Hyosung Vina Chemicals PP4 Project, VIETNAM_pdf.gz (contains "RFQ For Hyosung Vina Chemicals PP4 Project, VIETNAM_pdf.exe")

GuLoader payload URL:
http://new.smbtrinidad.com/over_JmlNylz10.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-08 12:07:07 UTC
AV detection: 35 of 48 (72.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam -> GuLoader (zip, d23608b336c00aa83a96d785c830d71d84cc42b296f9ca50852bf520c0fdf6bb, this sample) -> Dropping: GuLoader

Delivery method: Distributed via e-mail attachment
