MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d9465ad29caa66ba9d539f9b59a4d058147bf13d284e6289fc7b6ef3b9a4bb1b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: d9465ad29caa66ba9d539f9b59a4d058147bf13d284e6289fc7b6ef3b9a4bb1b
SHA1 hash: f0e14ca24609764e5e77ef3cd66415bb276f6441
MD5 hash: 7150336413ac578fda576f4e525b2c7e
File name: REMITTANCE RECEIPT.ISO
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-23 11:53:21 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 1536:sFIBXeYj2asNR/TwAymAd5i1JOWDLahZ:gIBGjr2QJOWDLaZ
TLSH: 944518A3F5B89931C62559BC19B486F0562BAEBE0531CA5B70CC771C27FB4C23639346
Reporter: @abuse_ch
Tags: GuLoader, iso


Twitter (@abuse_ch):
Malspam distributing GuLoader:

HELO: mta11.srv.hcvlny.cv.net
Sending IP: 167.206.4.220
From: Metty.Gomaz <Clarkroy440@yahoo.com>
Subject: Remittance Transaction
Attachment: REMITTANCE RECEIPT.ISO (contains "REMITTANCE RECEIPT.exe")

GuLoader payload URL:
https://twadatabase.com/uj/newsamcav_HgMSY69.bin

Intelligence


Mail intelligence:
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 22
Origin country: US
ClamAV: SecuriteInfo.com.Win32.Injector.EMBB.27305.UNOFFICIAL
VirusTotal: 20.00% (VirusTotal results)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
Sample: iso d9465ad29caa66ba9d539f9b59a4d058147bf13d284e6289fc7b6ef3b9a4bb1b (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments