MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d9465ad29caa66ba9d539f9b59a4d058147bf13d284e6289fc7b6ef3b9a4bb1b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: d9465ad29caa66ba9d539f9b59a4d058147bf13d284e6289fc7b6ef3b9a4bb1b
SHA3-384 hash: ec6da8fb5a97d57308421ac15e86e8c5f85b3afa3cff7d4b628036c014ec21d5b6665595ee6c4628ca8c960903a17b88
SHA1 hash: f0e14ca24609764e5e77ef3cd66415bb276f6441
MD5 hash: 7150336413ac578fda576f4e525b2c7e
humanhash: yellow-salami-cup-oregon
File name: REMITTANCE RECEIPT.ISO
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-23 11:53:21 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 1536:sFIBXeYj2asNR/TwAymAd5i1JOWDLahZ:gIBGjr2QJOWDLaZ
TLSH: 944518A3F5B89931C62559BC19B486F0562BAEBE0531CA5B70CC771C27FB4C23639346
Reporter: @abuse_ch
Tags: GuLoader iso


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: mta11.srv.hcvlny.cv.net
Sending IP: 167.206.4.220
From: Metty.Gomaz <Clarkroy440@yahoo.com>
Subject: Remittance Transaction
Attachment: REMITTANCE RECEIPT.ISO (contains "REMITTANCE RECEIPT.exe")

GuLoader payload URL:
https://twadatabase.com/uj/newsamcav_HgMSY69.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 30
Origin country: US
Mail intelligence
Geo location: Global
Volume: Low
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-23 12:36:41 UTC
AV detection: 20 of 48 (41.67%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

iso d9465ad29caa66ba9d539f9b59a4d058147bf13d284e6289fc7b6ef3b9a4bb1b

(this sample)

  
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments