MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e281c97dc70a8e1a4d21ba637bb330e30e775fef444048a4c2aab503b21dfb85. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence 1 File information 5 Yara Comments

SHA256 hash: e281c97dc70a8e1a4d21ba637bb330e30e775fef444048a4c2aab503b21dfb85
SHA1 hash: 23a574c97a330341b93932d29c01426bba268560
MD5 hash: 9a0d73513c453369b3ee8679cd553805
File name: Invoice DFC-6546735_pdf.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-23 11:50:05 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:K2+s6bkgowLu+W+lsmThzaQ33DQDWuAY:f6kgGr+hBj+6Y
TLSH: FA456F17B50DCBADE6148AB2F57042F01679AF2BE891192BF9CDFE2C377114C26112E6
Reporter: @abuse_ch
Tags: GuLoader, img


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: smtpout37.sweb.ru
Sending IP: 77.222.41.66
From: Andrea Perry <sales@mogindustries.tech>
Reply-To: sales@mogindustries.tech
Subject: Re:Overdue Invoice DFC-6546735
Attachment: Invoice DFC-6546735_pdf.img (contains "Invoice DFC-6546735_pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1w-k0OqNANbahCjQzopaGUIFRUsC1kHMN

Intelligence


Mail intelligence
Trap location Impact
Global Low
# of uploads 1
# of downloads 21
Origin country US US
ClamAV SecuriteInfo.com.Variant.Ursu.791968.4656.20149.UNOFFICIAL
VirusTotal:Virustotal results 33.33%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img e281c97dc70a8e1a4d21ba637bb330e30e775fef444048a4c2aab503b21dfb85

(this sample)

  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment

Comments