MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d839626491cde3ebff8041628557461a57b5fee35ded0a1140ee7daeebe310f4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 2

SHA256 hash: d839626491cde3ebff8041628557461a57b5fee35ded0a1140ee7daeebe310f4
SHA3-384 hash: 0c2dc511521e5ab8942e6567cdd12091c0e7824e576b15336434c5b1cd3b7563cfafc2cf3c62d836413c5d0867a4c480
SHA1 hash: 4687d48f0d106b8441e4c792da76b7579fd978f0
MD5 hash: df1f6622546b31e93f4d74eca166a101
humanhash: princess-spring-glucose-monkey
File name: XPE-S007-LT-002_SPARE PART LIST.ISO
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-25 13:31:51 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 1536:vBf4LObbVDWq5ehxLvSXSd+lMdSeJBNX:ZyOlaqkvSY+lV6
TLSH: B545C59377D4ACD2EC110FB00CD16AA49E2ABD2A1EA16F07384EB74E177B1C51BE1365
Reporter: abuse_ch
Tags: GuLoader iso


abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm51.hanmail.net
Sending IP: 203.133.180.239
From: 이태수 대리 <kate122094@hanmail.net>
Subject: FW: [XPLE PJ] Project RFQ/ Spare parts list [예산견적]
Attachment: XPE-S007-LT-002_SPARE PART LIST.ISO (contains "XPE-S007-LT-002_SPARE PART LIST.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1FaIrcjvh13I-GykLsBIbuVk9NXRIJfyH

Intelligence

File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-25 13:37:07 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 16 of 30 (53.33%)
Threat level: 5/5

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
GuLoader
iso d839626491cde3ebff8041628557461a57b5fee35ded0a1140ee7daeebe310f4 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments