MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f27d1c9f31285da63264a5f0bce8f20d7bd8051750f27d4c8681edd9e4f1d41e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 2

SHA256 hash: f27d1c9f31285da63264a5f0bce8f20d7bd8051750f27d4c8681edd9e4f1d41e
SHA3-384 hash: fa84b43e685d1ede7dac7152a6dcd68f7699890e5cafaf0c454cfd0aed91ef60712259e4394a42aef2840df986f150c3
SHA1 hash: bff2be110bdfa92cbb760d11db675dd78f9c065b
MD5 hash: 029d5e79f8db6d312cc3cd30aa011f56
humanhash: video-oscar-carpet-vermont
File name: file.IMG
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-26 09:11:53 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:qRRBb3hrLTiSxcWY6Tk/Cxa3nCoXvce3u2IxvYEOMX8ponMbS:qRRBwyly/HX7EcSnMW
TLSH: D3450912B9C89CA2EC584FB60C6756EB5E15BC2229240F1B338DFB5C27761C17EB5B06
Reporter: abuse_ch
Tags: geo GuLoader img KOR


abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm48.hanmail.net
Sending IP: 203.133.180.236
From: Charles Kim(김현철) <seoeun89@hanmail.net>
Subject: 견적요청서 송부의건
Attachment: file.IMG (contains "file.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1K4-CGVEYzdkwxrvRrCnPp6QMsL8Vb8-m

Intelligence

File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-26 09:37:26 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 18 of 48 (37.50%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery chain: Malspam -> GuLoader -> img f27d1c9f31285da63264a5f0bce8f20d7bd8051750f27d4c8681edd9e4f1d41e (this sample) -> Dropping GuLoader
Delivery method: Distributed via e-mail attachment