MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 46ca59765a7987925ec717ea3cda47fb2d0cadafd44ef0bdd71d8015457f278f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 2



SHA256 hash: 46ca59765a7987925ec717ea3cda47fb2d0cadafd44ef0bdd71d8015457f278f
SHA3-384 hash: b1b7e84ba0e77e37d98d0b8ed010214e5bdcc043599da0eefaf93d83d6dc11dc030cb22c709324b584eb57b3da41fa58
SHA1 hash: 0fd093071399b6d5cde618f3a0482aad167b1c8c
MD5 hash: 970d16fd00a5a6968c71412fe1bda00d
humanhash: muppet-emma-white-sodium
File name: Halkbank,doc.r00
Download: download sample
Signature: GuLoader
File size: 49'492 bytes
First seen: 2020-05-28 13:16:58 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 768:mPaku15A/JGtPBZlugTskidbv+RebXDnoiXnFx/PzneU/hvZmwJYv6I:myt1aUhBskiZ+0bMa/jnD/hkwJYvf
TLSH: 0523021F6A02658568FBC373F25DE7D45C56809E4D5F902A893CB60A36FB2C9E8810DE
Reporter: abuse_ch
Tags: geo GuLoader Halkbank r00 TUR


abuse_ch
Malspam distributing GuLoader:

HELO: halkbank.com.tr
Sending IP: 156.96.45.138
From: HALKBANK.E-EKSTRE@halkbank.com.tr
Subject: T.HALK BANKASI A.Ş. 05.20.2020 - 05.28.2020 Hesap Ekstresi
Attachment: Halkbank,doc.r00 (contains "Halkbank,doc.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1ZMX0WJrA0VBWN8UckHzYDHG7DxK3mz_T

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-28 13:37:44 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 5 of 48 (10.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

r00 46ca59765a7987925ec717ea3cda47fb2d0cadafd44ef0bdd71d8015457f278f

(this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
