MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 83b917b6bb83a26c2df178acc3b0eb2f04aaa743afbfe9d54ee33e5e6bc80fe7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 2



SHA256 hash: 83b917b6bb83a26c2df178acc3b0eb2f04aaa743afbfe9d54ee33e5e6bc80fe7
SHA3-384 hash: 55e36d308b62386ddd4072afad22637b08c9fd6176ce87be5e911af3a489bb2dd3c39c40ef02435e9056ea244b8bac5e
SHA1 hash: 182c033ad2381e5c5867a33c84bd4bf1cc86e8a4
MD5 hash: 3941b9f94643fa60da34bd04a7ad9e40
humanhash: july-salami-iowa-massachusetts
File name: PO_document785553422656757IMG.IMG
Signature: GuLoader
File size: 167'936 bytes
First seen: 2020-05-28 08:40:50 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:fNnpoEYVNANQuTw05KurM907rUTaIeSFphVq4FbAvHxNjE:1n4/ut5NM907rUTaIlFcM
TLSH: 71F3F7236A90EB61C53045F129179B6C157BFE3401E2495BB0DD2B4B3BB29E6FA1C34B
Reporter: abuse_ch
Tags: GuLoader img


abuse_ch
Malspam distributing GuLoader:

HELO: trorgaz.com.tr
Sending IP: 45.147.228.105
From: Atunga Harmantepe<atunga.h@trorgaz.com.tr>
Subject: RE: Urgent Request Quotation For HTR 864
Attachment: PO_document785553422656757IMG.IMG (contains "PO_document785553422656757IMG.com")

GuLoader payload URL:
https://onedrive.live.com/download?cid=63287B596430CB27&resid=63287B596430CB27%21107&authkey=AHre-6Bw68haI00

Intelligence

File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-28 09:36:12 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 14 of 31 (45.16%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  -> GuLoader: img 83b917b6bb83a26c2df178acc3b0eb2f04aaa743afbfe9d54ee33e5e6bc80fe7 (this sample)
     -> Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments