MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ef148c6e508eb599caa06ffc57a42916e16a9bfd9e1e5e3738292905f67a1598. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 2



SHA256 hash: ef148c6e508eb599caa06ffc57a42916e16a9bfd9e1e5e3738292905f67a1598
SHA3-384 hash: 2702ba4b3684e1016306fb7929171d622c493bc4df4c5b25dc4a9c9fd2f0c9e29d404d876b044aeb159c90568728af17
SHA1 hash: 2c53fb88818b4695f73da6ebf233efd9b83e4b7b
MD5 hash: 290318cd40de95f5cf19babb91c96d0c
humanhash: venus-double-alpha-eighteen
File name: RFQ_HTYY-9595834594504585IMG.img
Signature: GuLoader
File size: 167'936 bytes
First seen: 2020-05-28 13:17:05 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:xNnpoEYVHmnbESdSujk9pNVJvv9NNHB84r7EkVN20wvpSp:LnRbE6j4NVJvv9NNHBX7p
TLSH: 9EF30723AA90EB11D03045F029179B4D15ABFE3101E1494BB5DD2B9A3BB3DD2F96E34B
Reporter: abuse_ch
Tags: GuLoader, img


abuse_ch
Malspam distributing GuLoader:

HELO: bestrade.com.tr
Sending IP: 45.147.228.215
From: Hatice Merve <merve@bestrade.com.tr>
Subject: RE: Urgent Request Quotation(New Contqact)
Attachment: RFQ_HTYY-9595834594504585IMG.img (contains "RFQ_HTYY-9595834594504585IMG.com")

GuLoader payload URL:
https://onedrive.live.com/download?cid=5CF421933F23FF14&resid=5CF421933F23FF14%21106&authkey=AGGCQtZ8CeiYMMg

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 71
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-28 11:47:23 UTC
File type: Binary (Archive)
Extracted files: 7
AV detection: 16 of 48 (33.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery chain:
  Malspam
  -> GuLoader (img ef148c6e508eb599caa06ffc57a42916e16a9bfd9e1e5e3738292905f67a1598, this sample)
  -> Dropping GuLoader

Delivery method: Distributed via e-mail attachment
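The attachment reported in the abuse_ch comment above is an ISO 9660 disk image (MIME type application/x-iso9660-image) wrapping a .com dropper, which is why the vendor scan classifies the sample as "Binary (Archive)". The Python script below is an added triage example written for this page; it is not MalwareBazaar or abuse.ch code. It parses the primary volume descriptor and root directory of such an image, lists the contained files, flags extensions that Windows executes directly when the mounted image is double-clicked, and compares the container's digests with the hashes listed in the entry. Because the real sample is not reproduced here, the script builds a small constructed image with a placeholder payload under the file name quoted in the comment; the sector layout, the extension list and the placeholder bytes are assumptions, and the file name is kept mixed-case as reported rather than in strict ISO 9660 Level 1 form.

```python
"""Triage an .img (ISO 9660) e-mail attachment: list the files inside the
container, flag executables, and compare the container's digests with the IOCs
published on this MalwareBazaar entry. Added example; not MalwareBazaar code."""
import hashlib
import struct

SECTOR = 2048   # ISO 9660 logical block size
PVD_LBA = 16    # the primary volume descriptor always sits at sector 16
ROOT_LBA = 18   # constructed image: root directory sector (assumption)
FILE_LBA = 19   # constructed image: sector holding the inner file (assumption)

# Digests of the real sample, copied from the entry above; used only for comparison.
KNOWN_BAD = {
    "sha256": "ef148c6e508eb599caa06ffc57a42916e16a9bfd9e1e5e3738292905f67a1598",
    "sha1": "2c53fb88818b4695f73da6ebf233efd9b83e4b7b",
    "md5": "290318cd40de95f5cf19babb91c96d0c",
    "sha3_384": "2702ba4b3684e1016306fb7929171d622c493bc4df4c5b25dc4a9c9fd2f0c9e29d404d876b044aeb159c90568728af17",
}

# Extensions Windows runs directly from a mounted image (assumption: editor's own list).
EXECUTABLE_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd", ".js", ".jse", ".vbs", ".wsf", ".lnk"}

# Constructed stand-in for the inner dropper; NOT the real GuLoader bytes.
CONSTRUCTED_PAYLOAD = b"CONSTRUCTED PLACEHOLDER - not the real RFQ_HTYY-9595834594504585IMG.com"


def dir_record(name: bytes, extent: int, length: int, flags: int) -> bytes:
    """Serialise one ISO 9660 directory record (ECMA-119 section 9.1)."""
    body = (
        b"\x00"                                                   # extended attribute record length
        + struct.pack("<I", extent) + struct.pack(">I", extent)   # extent LBA, both byte orders
        + struct.pack("<I", length) + struct.pack(">I", length)   # data length, both byte orders
        + bytes(7)                                                # recording date/time, zeroed
        + bytes([flags])                                          # file flags; bit 1 = directory
        + b"\x00\x00"                                             # file unit size, interleave gap
        + struct.pack("<H", 1) + struct.pack(">H", 1)             # volume sequence number
        + bytes([len(name)]) + name                               # identifier length + identifier
    )
    if len(name) % 2 == 0:
        body += b"\x00"                                           # padding byte keeps the record length even
    return bytes([len(body) + 1]) + body


def build_constructed_image() -> bytes:
    """Build a minimal ISO 9660 image shaped like the malspam attachment (constructed, not the sample)."""
    root_dir = (
        dir_record(b"\x00", ROOT_LBA, SECTOR, 0x02)    # "."
        + dir_record(b"\x01", ROOT_LBA, SECTOR, 0x02)  # ".."
        # File name as reported in the abuse_ch comment; ";1" is the ISO 9660 version suffix.
        + dir_record(b"RFQ_HTYY-9595834594504585IMG.com;1", FILE_LBA, len(CONSTRUCTED_PAYLOAD), 0x00)
    ).ljust(SECTOR, b"\x00")
    pvd = bytearray(SECTOR)
    pvd[0] = 1                    # descriptor type 1 = primary volume descriptor
    pvd[1:6] = b"CD001"           # standard identifier
    pvd[6] = 1                    # descriptor version
    pvd[156:190] = dir_record(b"\x00", ROOT_LBA, SECTOR, 0x02)   # root directory record
    terminator = bytearray(SECTOR)
    terminator[0] = 255           # volume descriptor set terminator
    terminator[1:6] = b"CD001"
    terminator[6] = 1
    return (bytes(PVD_LBA * SECTOR) + bytes(pvd) + bytes(terminator)
            + root_dir + CONSTRUCTED_PAYLOAD.ljust(SECTOR, b"\x00"))


def list_root_entries(image: bytes):
    """Parse the PVD and walk the root directory; returns (identifier, lba, size, is_dir) tuples."""
    pvd = image[PVD_LBA * SECTOR:(PVD_LBA + 1) * SECTOR]
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no ISO 9660 primary volume descriptor at sector 16")
    root_lba = struct.unpack_from("<I", pvd, 156 + 2)[0]     # root record starts at byte 156
    root_len = struct.unpack_from("<I", pvd, 156 + 10)[0]
    directory = image[root_lba * SECTOR:root_lba * SECTOR + root_len]
    entries, off = [], 0
    while off < len(directory):
        rec_len = directory[off]
        if rec_len == 0:                      # records never straddle sectors; skip the zero padding
            off = (off // SECTOR + 1) * SECTOR
            continue
        if rec_len < 33:
            raise ValueError("truncated directory record at offset %d" % off)
        rec = directory[off:off + rec_len]
        lba = struct.unpack_from("<I", rec, 2)[0]
        size = struct.unpack_from("<I", rec, 10)[0]
        is_dir = bool(rec[25] & 0x02)
        ident = rec[33:33 + rec[32]]
        if ident not in (b"\x00", b"\x01"):   # skip "." and ".."
            entries.append((ident.decode("ascii", "replace"), lba, size, is_dir))
        off += rec_len
    return entries


def triage(image: bytes):
    """Hash every root-level file and flag the ones Windows would execute on double-click."""
    findings = []
    for ident, lba, size, is_dir in list_root_entries(image):
        if is_dir:
            continue
        name = ident.split(";", 1)[0]                                  # drop the ";1" version suffix
        ext = ("." + name.rsplit(".", 1)[1].lower()) if "." in name else ""
        data = image[lba * SECTOR:lba * SECTOR + size]
        findings.append({"name": name, "size": size,
                         "executable": ext in EXECUTABLE_EXTS,
                         "sha256": hashlib.sha256(data).hexdigest()})
    return findings


def matches_known_bad(image: bytes) -> dict:
    """Compare the container's digests against the entry's IOCs; True means an exact hit."""
    return {algo: hashlib.new(algo, image).hexdigest() == digest for algo, digest in KNOWN_BAD.items()}


if __name__ == "__main__":
    img = build_constructed_image()
    for finding in triage(img):
        print(finding)
    print(matches_known_bad(img))
```

To run this against a real attachment, replace build_constructed_image() with the bytes of the file; a True from matches_known_bad() identifies this exact sample, while a repacked variant (any change to the container alters every digest, including ssdeep and TLSH only partially) will only surface through the inner-file listing and the executable flag.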
