MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f76049620ecf0ba2184b3b48945879be2961ea83865c3e4d75f0da89966a5066. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: f76049620ecf0ba2184b3b48945879be2961ea83865c3e4d75f0da89966a5066
SHA3-384 hash: 611492ce131001630f3df72d7c07e4cad893ee8af4d08e38970d5a51466996c65c6b8658aca396d31937b8d41b94eeff
SHA1 hash: 47eeed58b505b338e7478086762e2470d0d7fae1
MD5 hash: 88cb61d18b6d61828328b39f59bfb3e6
humanhash: steak-comet-mexico-burger
File name: PO-2020-002-MFC-Project materials, equipments, machine Devices.img1.2 MB.img
Signature: GuLoader
File size: 155'648 bytes
First seen: 2020-05-26 07:19:23 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:e0C/eUGzJXW1UzcNAFfRgUPwD8//DT37nIr:0tGz2U46FfRgUPq8//LnG
TLSH: A2E31AA0AAE87DF5F6B14FF15C719210C423BC620D228E0B30DD760E5E775669BB2726
Reporter: abuse_ch
Tags: GuLoader img


abuse_ch
Malspam distributing GuLoader:

HELO: newspamfilter1.mailnara.co.kr
Sending IP: 121.189.61.170
From: WANG GUIFA <info@mon.hagyz.com>
Subject: [MFC Project] PO(Purchase Order) Project materials, machinery and equipment
Attachment: PO-2020-002-MFC-Project materials, equipments, machine Devices.img1.2 MB.img (contains "NEROICMART.exe")

GuLoader payload URL:
http://iloims.webredirect.org/uploud/5bab0b1d864615bab0b1d864b3/bin_iidvdmM144.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-26 01:34:37 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 16 of 48 (33.33%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    img f76049620ecf0ba2184b3b48945879be2961ea83865c3e4d75f0da89966a5066 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments