MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 faf9e9e02b83aab9bb5a05a7590f086e7946f2056a8c0a938a754dad6b01adbf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: faf9e9e02b83aab9bb5a05a7590f086e7946f2056a8c0a938a754dad6b01adbf
SHA1 hash: 0a19f198a966662f538d00aa143cd54002ff1924
MD5 hash: 4e136dd36ceccdfc5874611e98a31a33
File name: H4A2-423-EM154-301.PDF.img
Signature: GuLoader
File size: 1,245,184 bytes
First seen: 2020-05-22 09:55:33 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:Pg1R7tPXWS1y7v2M6fEHl5nA294YyRno2ZSdPoKdKbZDGRIjA+IE:41i7OjcHlFLyRno2ZQoKd4NGRS
TLSH: 58451931F584AD81CB498DF1496B5765A82FBCB619260B8772CE3B2D1B3B1C1BC6134B
Reporter: @abuse_ch
Tags: geo, GuLoader, img, KOR


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm84.hanmail.net
Sending IP: 211.231.106.159
From: 권성록 <swk0517@hanmail.net>
Subject: 견적문의 드립니다.(권성록 입니다.) [Korean: "Requesting a quote. (This is Kwon Seong-rok.)"]
Attachment: H4A2-423-EM154-301.PDF.img (contains "_20200522_wl.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=12aRb9W1dI5HoCV8l97W8da0HmE-7eB8S

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 23
Origin country: US
ClamAV: PUA.Win.Packer.ProtectSharewar-2, PUA.Win.Packer.ProtectSharewar-3
VirusTotal: 27.87% detection rate

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader (img faf9e9e02b83aab9bb5a05a7590f086e7946f2056a8c0a938a754dad6b01adbf, this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments