MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 acacc7f3cc09e7a711e1f7f4f9fc6633b4c48b21f17e793ec9a91c26173c1232. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: acacc7f3cc09e7a711e1f7f4f9fc6633b4c48b21f17e793ec9a91c26173c1232
SHA3-384 hash: 078129a0d39fe52e718f3b336d3ca32c2914c7ab741e41fae7b7659468a9a7a3706a6904dc13dec70555883be141d198
SHA1 hash: 6f67adec0cb13f1622e9b608cb8cb84220d8ee13
MD5 hash: 60624eac1bb29e821f4355ccb7e7340c
humanhash: pluto-oklahoma-batman-fruit
File name:Halkbank_Ekstre_20200410_080918_330462.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:215'040 bytes
First seen:2020-05-12 16:05:50 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep 3072:xvuWpYFMkpSvhKuPWvdWKWzsMqNXl8g8D4vynkgGK8pwirYAxRrUr/AaH+OtD:xvuWopUK68FUG8wYAxyDAg
Threatray 479 similar samples on MalwareBazaar
TLSH 62241A427644D502CD3E07F5D06899F04267BDA6E872F28F2E86BDB932F33D2156294B
Reporter abuse_ch
Tags:exe geo GuLoader Halkbank TUR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: cpanel03mh.bkk1.cloud.z.com
Sending IP: 163.44.198.56
From: Türkiye İş Bankası A.Ş. <halkbank.e-ekstre@halkbank.com.tr>
Reply-To: noreply@ileti.isbank.com.tr
Subject: T.HALK BANKASI A.Ş.12.05.2020 Hesap Eks\x0atresi
Attachment: Halkbank_Ekstre_20200410_080918_330462.z (contains "Halkbank_Ekstre_20200410_080918_330462.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.LuheFihaB.19090.20733.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 16:07:07 UTC
File Type:
PE (.Net Exe)
Extracted files:
10
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vswmp46mbht2oepb672pt7dggo2mjczb6f7hspwjveocmfz4ciza._file
Verdict:
unknown
Similar samples:
0ff96346be4508292ddabc6d9b32fc697b710d5f826e9bb213f7c2f4492d2937
GuLoader
1eee887b16c1d789c1869219de2609fbc29ef3ee0c0625f2907c71e9ba701daf
GuLoader
21dba41b37835f29fa4166786b44915d69109229a0fd19ee46d14cb2afa7c35b
GuLoader
8ad9862548bf4d19b6e8efc18a0a54a359cc4f11a7f4bfac1a3029b853fa6e0e
GuLoader
ae807cf8d58d5a64f9275fc3394098c0fe2764d07d12482aa95f1b778257e6fe
GuLoader
da64ba6aa9134a524cb31e5d92a4c6c31980c17f8e49a9d4ab93f6a9040c9d01
GuLoader
dff01b9f8946ed3792fe4e32ae3f95834c892f16ca219dc99d78fd15064f82a2
GuLoader
eed00acb5b2bd676ab5ae74611ed880e6ef40d855d401ce9a938d5700f2b1de1
GuLoader
f29c7a735adfcc42de35a17646ead9eaf23ae1a0cc99ad468b720d0e3be7dad6
GuLoader
f982ec93d003591286335c98074fdbe2054d603de5211af961c670f50ac3437d
GuLoader
+ 469 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
coreentity rezer0
Link:
https://tria.ge/reports/201109-2c654g8vj2/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
rezer0
CoreEntity .NET Packer
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip ea41301e4a2d98c24382db9b027f550c800650725d2fbb3dee52cc4b3c2adf0c

GuLoader

Executable exe acacc7f3cc09e7a711e1f7f4f9fc6633b4c48b21f17e793ec9a91c26173c1232

(this sample)

  
Dropped by
MD5 42bac53401a84c84d83e7e840be21071
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 ea41301e4a2d98c24382db9b027f550c800650725d2fbb3dee52cc4b3c2adf0c

Comments