MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d99c4612278f06ef3b3376391a0cbe4b5cd7a683b18c3c2e35731cea3cea8fc7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 3

SHA256 hash: d99c4612278f06ef3b3376391a0cbe4b5cd7a683b18c3c2e35731cea3cea8fc7
SHA3-384 hash: 02658958089c53e529255262ba6f86ea0579ec0fe77c50fe41a0db83d6324e343343ab4a4533d0e6d1a805f1876afad9
SHA1 hash: b588fef1787592daa7bc70b7c4eaf9c8a8bd0540
MD5 hash: 3dd37b7942aaceda5d2db157b9b6bcaf
humanhash: friend-one-maine-cup
File name: Required Equipment Item Specification_8915963B.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-13 09:53:17 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:ZMhhyGAjAadvJBtjN1+08O8wlHsB/iP7oaAyiApDbFzOna2BAGdrnHmh+:8hQNdxvN1L8WlMBKg8F4z
TLSH: 99451C16B2954522E2745A71DB38D7AC036BAC2029414D433ACC3F9C1F37AA596F737A
Reporter: abuse_ch
Tags: geo, GuLoader, img, KOR


abuse_ch
Malspam distributing unidentified malware:

HELO: toi12.com
Sending IP: 173.82.154.37
From: 서진효 <daewon77@daum.net>
Reply-To: daewon77@daum.net
Subject: REMINDER [울산북항 LNG PKG]Request for Quotation_터미널 1단계 LNG Package 건설공사 (English: "REMINDER [Ulsan North Port LNG PKG] Request for Quotation_Terminal Phase 1 LNG Package Construction Work")
Attachment: Required Equipment Item Specification_8915963B.img (contains "PRMIE.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 76
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-13 14:25:39 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 16 of 31 (51.61%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Signature: GuLoader
Sample: img d99c4612278f06ef3b3376391a0cbe4b5cd7a683b18c3c2e35731cea3cea8fc7 (this sample)

Delivery method: Distributed via e-mail attachment
