MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 59b36e0c5d21af1d979d5d3917e6b446fb405dd64d2bee0821720be19fa6792f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: 59b36e0c5d21af1d979d5d3917e6b446fb405dd64d2bee0821720be19fa6792f
SHA3-384 hash: b09f13ce973c090a11b80a8c609e9b1e3aba574788573f58508af60475b460b383174895e278aaec42a99fafcbb7559d
SHA1 hash: 9996c61d3ebfb6aa78359dc0e97e47ddbcebbf1d
MD5 hash: ba1b835b68a77fd80551e058dbf0641d
humanhash: fish-july-pizza-summer
File name: e-dekont.pdf.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-21 10:32:07 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:G2LVKSB6VJ0L6izTDaJGxD7JFt7g9/UqdMWfedCduhTnX8l1NwW58N4f/n:jUSBGCrzTDa0ddj7AIWWgdAXOd8O3
TLSH: EE4519267DA48D62D68049F26EAA876C14EFBC7035114F0774DE7B2D1B32A82E53634B
Reporter: abuse_ch
Tags: geo, GuLoader, img, TUR, ZiraatBank


abuse_ch
Malspam distributing GuLoader:

HELO: server.avrasyarulman.com
Sending IP: 185.239.237.91
From: ZIRAAT BANKASI <ziraat@ileti.ziraatbank.com.tr>
Subject: e-dekont
Attachment: e-dekont.pdf.img (contains "e-dekont.exe")

GuLoader payload URL:
http://77.73.67.197/wext/n-bin_GuMUo43.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Geniso
Status: Malicious
First seen: 2020-05-21 09:27:20 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 14 of 30 (46.67%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam > GuLoader > img 59b36e0c5d21af1d979d5d3917e6b446fb405dd64d2bee0821720be19fa6792f (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments