MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ea41301e4a2d98c24382db9b027f550c800650725d2fbb3dee52cc4b3c2adf0c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: ea41301e4a2d98c24382db9b027f550c800650725d2fbb3dee52cc4b3c2adf0c
SHA3-384 hash: 4b386e14b60f9aea6f94c08289f7fd62b4002ff9d0945cd4525b909b66ed0aff60a2792b7d4c5f0bad0d4201eef86f79
SHA1 hash: 961b2af6a32370e5e7d6bb2c62a7cdb772390c8b
MD5 hash: 42bac53401a84c84d83e7e840be21071
humanhash: red-orange-friend-zebra
File name: Halkbank_Ekstre_20200410_080918_330462.z
Signature: GuLoader
File size: 99'887 bytes
First seen: 2020-05-12 16:05:47 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 3072:AgFVH/koaAv/ICMlGfiAHY1kCDPkyGPop:Ag7H/Wo/IC7pHukCBGPop
TLSH: 77A3128AAEBFEC48194953E80C60D5A1B5C47E15000F64AD1F5FB62A2BBAF52E7CD109
Reporter: abuse_ch
Tags: geo, GuLoader, Halkbank, TUR, z


abuse_ch
Malspam distributing GuLoader:

HELO: cpanel03mh.bkk1.cloud.z.com
Sending IP: 163.44.198.56
From: Türkiye İş Bankası A.Ş. <halkbank.e-ekstre@halkbank.com.tr>
Reply-To: noreply@ileti.isbank.com.tr
Subject: T.HALK BANKASI A.Ş.12.05.2020 Hesap Ekstresi
Attachment: Halkbank_Ekstre_20200410_080918_330462.z (contains "Halkbank_Ekstre_20200410_080918_330462.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Agensla
Status: Malicious
First seen: 2020-05-13 03:17:05 UTC
File Type: Binary (Archive)
Extracted files: 11
AV detection: 28 of 48 (58.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader: zip ea41301e4a2d98c24382db9b027f550c800650725d2fbb3dee52cc4b3c2adf0c (this sample)
    Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments