MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 09cd2a61daa4a6a4a740125dbd0c13ec199c9d4c747fc2337afca8c73136a1d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2


SHA256 hash: 09cd2a61daa4a6a4a740125dbd0c13ec199c9d4c747fc2337afca8c73136a1d6
SHA3-384 hash: 8dc41a85472a115285eb0afaea5cab4db3261e30e4a6732d5943a45cfa7cc7b409fce7298ccaa7a65649c7eea6144b1e
SHA1 hash: 9f83f19289ddaa003772b78d2895ab1f2e67579b
MD5 hash: 04b9b6c458e9d02629f1260f62e552a0
humanhash: whiskey-undress-pennsylvania-network
File name: New-PO-40385934840349IMG.img
Signature: GuLoader
File size: 167'936 bytes
First seen: 2020-05-28 08:40:47 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:+NnpoEYV6hr1pwZ5ItE50chuM3IiRHWHlWaI8gx7YUeB9nwS/O:snhhr1pE5B4iRHWHlWaIf1P
TLSH: 70F3F6236A90AB11D03045F16A474B5C157BBE3501E2894BB4CD2B9F3BB3DA2F96D34B
Reporter: abuse_ch
Tags: GuLoader img


abuse_ch
Malspam distributing GuLoader:

HELO: tankaucuk.com.tr
Sending IP: 45.153.240.229
From: Atunga Harmantepe <info@tankaucuk.com.tr>
Subject: RE: Request Quotation (Uregent Order)
Attachment: New-PO-40385934840349IMG.img (contains "New-PO-40385934840349IMG.com")

GuLoader payload URL:
https://onedrive.live.com/download?cid=E31CD39F416CDF51&resid=E31CD39F416CDF51%21106&authkey=AIF4f9gse6i6J1c

Intelligence

File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-28 09:36:04 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 14 of 31 (45.16%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
img 09cd2a61daa4a6a4a740125dbd0c13ec199c9d4c747fc2337afca8c73136a1d6 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments