MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c39ec2c395f976a0c380c82c979eb7a17fea1f11a89344a5f14e684c7c26ec28. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 2


SHA256 hash: c39ec2c395f976a0c380c82c979eb7a17fea1f11a89344a5f14e684c7c26ec28
SHA3-384 hash: be8c10d13d3c008f3d8b00e15ba786cf0691b0e6d3b23483506532d0fbea1570cff4ee36469955eedc4e835b1e0172ce
SHA1 hash: 9223463976273145d0d9f20444238c13f576332a
MD5 hash: 31d80dfa6a6631131f23e9f65dee17a7
humanhash: undress-red-failed-angel
File name: e-dekont.pdf.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-28 13:17:33 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:R9oplOCQoxcYrhzuCcXqhbbUWfiS3z6cXG6/8/yfvyNG3FyFYe7C5QyO8Sp:XopQCVrhzunahnqS3z6M8/lNYd8
TLSH: 364527323656DC65CA5446B0DCE2C4F40531BC1CCA2B8A27B2DC7F6E37BA58B9D26361
Reporter: abuse_ch
Tags: geo, GuLoader, img, TUR, ZiraatBank


abuse_ch
Malspam distributing GuLoader:

HELO: max0.noekin.net
Sending IP: 213.59.119.242
From: ZIRAAT BANKASI <ziraat@ileti.ziraatbank.com.tr>
Subject: e-dekont
Attachment: e-dekont.pdf.img (contains "e-dekont.pdf.exe")

GuLoader payload URL:
http://185.205.209.166/wext/net-N_oCAkzZdgp45.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Geniso
Status: Malicious
First seen: 2020-05-28 13:38:22 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 6 of 48 (12.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
img c39ec2c395f976a0c380c82c979eb7a17fea1f11a89344a5f14e684c7c26ec28 (this sample)
Dropping GuLoader

Delivery method: Distributed via e-mail attachment
