MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e2fe1cf05cf200c62116e94f64a9b1453427884f4d36de3a4bd138f5a12c2eb1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader

Vendor detections: 2

SHA256 hash: e2fe1cf05cf200c62116e94f64a9b1453427884f4d36de3a4bd138f5a12c2eb1
SHA3-384 hash: fab2babef99bfb75df8a9d0ed1e714716f8d9b784ea1a28679ae2e28c827cd2d180d1893b98b21c1a84a7f043ba6291b
SHA1 hash: 96c8b54595d3dd722d347c31b53d16ff501e2999
MD5 hash: cd5328e7c7fb8435f94a0f8a4abe3cf3
humanhash: neptune-oscar-football-finch
File name: Pending Messages On Email Account..IMG
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-26 17:30:27 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:SMA9FnhafsJp/NLHD+paxdx+yPPlH4oZ+Kqb+wBAgDxCFEBYbQxgs3/oGl4F2SP3:ywf8VxHPZ4oPOcbQxgsvozVDVYBvu5
TLSH: 604509237CD48CB2D86E8BBC98F181560EA5AD2479464F07754DFE9C2FB638718B1386
Reporter: abuse_ch
Tags: GuLoader, img


abuse_ch
Malspam distributing GuLoader:

HELO: WIN-RF3QMXUZ2NO
Sending IP: 103.89.91.124
From: EMAIL ADMINISTRATOR <admin@moleaves.tk>
Subject: YOU HAVE 3 PENDING EMAILS, DOWNLOAD OR RETRIEVE NOW
Attachment: Pending Messages On Email Account..IMG (contains "DEUTSCH-BANK TELEX 45,000 EUROS.exe")

GuLoader payload URL:
http://185.205.209.166/wext/Rem-Stub23_tkxlq56.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-05-26 17:35:50 UTC
AV detection: 19 of 48 (39.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    img e2fe1cf05cf200c62116e94f64a9b1453427884f4d36de3a4bd138f5a12c2eb1 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment
