MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3a842ce737983d2dfbdf7974d30373cc0880bf054af84284d7a065ed3548f43b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3a842ce737983d2dfbdf7974d30373cc0880bf054af84284d7a065ed3548f43b
SHA3-384 hash: c457fa3ddb84bd3e882a7702bc48677a2aa81cf2de059f3a9cb30cf591b5c69c73f0e1c65c1fa12e8878ecfdbdb5341a
SHA1 hash: b8bce45a810b0b1f17e2ea3e74ac809f6571c386
MD5 hash: 6188dbb588fe64b56f399291260782cd
humanhash: skylark-fish-fish-fourteen
File name:Halkbank_Ekstre_20200521_080311_726443.pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:98'304 bytes
First seen:2020-05-21 08:41:31 UTC
Last seen:2020-05-21 09:51:47 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash bb55d51fca932d126bd26cd831bcb004 (1 x GuLoader)
ssdeep 768:gViGT5gsA8GqaP8FsOFdX8V675t2EbEZqsbBoEleLxjSjA:oAzL0sWdsVg5t2TZqsxeLxjwA
Threatray 1'588 similar samples on MalwareBazaar
TLSH 77A30A35F5A8EC61D62C47FF5EB04A99136BAD700911CB4334CBBB1D26FA685A82530F
Reporter abuse_ch
Tags:exe geo GuLoader Halkbank TUR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: smtp.ostec-qroup.ru
Sending IP: 104.168.253.210
From: HALKBANK.E-EKSTRE@halkbank.com.tr
Subject: T.HALK BANKASI A.Ş. 20.05.2020 Hesap Ekstresi
Attachment: Halkbank_Ekstre_20200521_080311_726443.pdf.r00 (contains "Halkbank_Ekstre_20200521_080311_726443.pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1l5tCTw1jmXN--LTAo-U9Zt7uMoyvLeaY

Intelligence

File Origin
# of uploads :
2
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.47911.6028.28903.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 09:56:36 UTC
AV detection:
28 of 31 (90.32%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hkcczzzxta6s3667pf2nga3tzqeibpyfjl4efbgxubs62nki6q5q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
5a44cbe60853b3a9446a1ca10802ee4767cdfca6cf05c7c96ba7799aa91eafee
GuLoader
5f9b8ce62abc0d49b1bb253bd51286151a8b3d3f09fdb9e37cd964f80df26669
GuLoader
8077b9d3b809c1b66793e7292d7afdb401efa60fe9be607bb48a30bcf005af06
GuLoader
85b3b12892570a08fc7c60ad0f4788fb3a4a8d6a9b1cfdf79495b0586cc513d1
GuLoader
a45d9c8d3f5ceb809b8ee497e806d29d6e379ae0603aea8b733096afcf86bdcc
GuLoader
aa3420190b3e22959cfb4715307027404fe5cb492faf5546189a20b82b9e4e37
GuLoader
ad64a6eaa5d2494a4161158792e7cde3fb7d9a7bd36f06cc0de271192582f439
GuLoader
b1d1654f14052fe13960bbde4280f2f1d34e802293dddb47c971ce833bb5bda5
GuLoader
c9dae8af9343e2bb59a9c6cbfa04b09bcbffe2a75893d797ec2a9c50c6253afe
GuLoader
d629c357618d0af63380cbd227dcdba8ec9af89e243ae67faaa7343ce9a91f01
GuLoader
+ 1'578 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-hm41gqrzd2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

r00 adaa6f29029e301519a35086d9826fad8ba16325166b83c944acabe6e989b860

GuLoader

Executable exe 3a842ce737983d2dfbdf7974d30373cc0880bf054af84284d7a065ed3548f43b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365787/
  
Dropped by
MD5 fa7ba46e7b505b0f0556fc4efe2263f0
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 adaa6f29029e301519a35086d9826fad8ba16325166b83c944acabe6e989b860

Comments