MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 39ea1e26d4a96ba3f462985e766b70d1999bc0ddb802a38f92b2cb1a257f475d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 39ea1e26d4a96ba3f462985e766b70d1999bc0ddb802a38f92b2cb1a257f475d
SHA3-384 hash: c0b13cd07ecdc360a8e680e6393e5cef248e25f57e0615206dd95caf741c3026cfe0869c73836280dbfd8fa409316582
SHA1 hash: f4138f61c2c46824b1ebd52abdea0cfbac1345eb
MD5 hash: 106ff33897e50f3ac12d8e9f2ed703d6
humanhash: hot-vermont-michigan-pluto
File name:SecuriteInfo.com.MSIL.GenKryptik.EIOD.18760
Download: download sample
Signature GuLoader
Create hunting rule
File size:613'888 bytes
First seen:2020-04-22 15:10:30 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:iX5Pj+glJePs7bnFto5+y4pAiKZ8MM6+3:YPj+gfKkbu+p6PZp+
Threatray 307 similar samples on MalwareBazaar
TLSH B8D4C123EEE6991FC5381AF455B0AB410E6C7E8B181D77D927463E8A3D732478DCE242
Reporter SecuriteInfoCom
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.GenKryptik.EIOD.18760.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-22 09:10:57 UTC
File Type:
PE (.Net Exe)
Extracted files:
12
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hhvb4jwuvfv2h5dctbphm23q2gmzxqg5xabkhd4swlfrujl7i5oq._file
Verdict:
malicious
Label(s):
azorult
Create hunting rule
Similar samples:
167cef6fd61eec938ab15b0f40e66e5c197a4dd44fc9f9a534ddc283f1134a3b
GuLoader
4381f3472301d8b680f90832edd05d853bcef530b48f0476ce7ad1f6b150434c
GuLoader
443968b3a2c55dcec52e8d46c9f3eef5f2fbf526606e5663768dbdd432250ac2
GuLoader
6bf885071b121b3f9eaa026cb4863f5dc6ca629b34c399a4ffe0bb6b81961eed
GuLoader
6db812f8cde69dfe388cc2e7f8c3275c8f1dba462374e6215722de0663af526d
GuLoader
8b357b174e5db357eafe1fbb50c64b54976ea2d283bdcb0bf586710663fb1eff
GuLoader
aa699d6811b7b84893adc0734f2d1b044903ffd15d68ccde38002f34057c35fe
GuLoader
da4bbd6957ac3ac81d2030c5cc1c7d062229ac5499318c8289977a771a17dce4
GuLoader
e909437a928115bd8e22c463ceb700b8c15eed77891038e8a063e106423a4d00
GuLoader
ffa06b4d4e2bb7501c6d1cfbc01b8678aaf33e44dce76eeda2881ec17a5a8bac
GuLoader
+ 297 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 39ea1e26d4a96ba3f462985e766b70d1999bc0ddb802a38f92b2cb1a257f475d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/348161/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments