MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2215802f5deb432f07a1aeebb7eeeffdf18cc5a035b0315ea693b08a4dbf942d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 5

SHA256 hash: 2215802f5deb432f07a1aeebb7eeeffdf18cc5a035b0315ea693b08a4dbf942d
SHA3-384 hash: 8ab108089eb082152d66c1a8bce4c931ead1553707e10afb0c368d08a30686ec7ed72bf10058b89b30475ac1621e2be6
SHA1 hash: e8934c813de802bcf047a09a31e324fd77ef9704
MD5 hash: ae3b0dc204903f039cbbbe127a0aac06
humanhash: fanta-oscar-west-fillet
File name: AccountStatement_MandiriPDF.202006011411701.pdf.exe
Signature: GuLoader
File size: 94'208 bytes
First seen: 2020-06-02 07:33:52 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3d05e0e0ac14bd88e77037aa19741ed4 (1 x GuLoader)
ssdeep: 1536:UhFO8lLLJo4BqS82LzwKQwktSbr5U8dT:4V38ozwPU/
Threatray: 2'432 similar samples on MalwareBazaar
TLSH: 6D931857BAD48502F1B24B702EB782A96F25BC194D439A0F344D1A4B7B317969CAC33F
Reporter: jarumlus
Tags: GuLoader

Intelligence

File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Androm
Status: Malicious
First seen: 2020-06-02 04:17:30 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 16 of 31 (51.61%)
Threat level: 5/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a

Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Relationship chain:
SHA256 042f15a28d97abe600aff5d5a4db9b420840a56eff46184d9986342e932c4b62 (GuLoader)
  -> Executable exe 2215802f5deb432f07a1aeebb7eeeffdf18cc5a035b0315ea693b08a4dbf942d (this sample)

Dropped by: MD5 2896cc11ef6147100008312a06e46ccc
Dropped by: SHA256 042f15a28d97abe600aff5d5a4db9b420840a56eff46184d9986342e932c4b62

Delivery method: Distributed via e-mail attachment

Comments