MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9e078800efb0d015e268e68afc688fc189ed29a927fe6df75d174365446569da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9e078800efb0d015e268e68afc688fc189ed29a927fe6df75d174365446569da
SHA3-384 hash: 8445360f6c5f20415c7ee53e52a3b8e450d7d7cf7f7f9731892d1e7d3aa6dc6a9c70f1a38d2a19afddbf829da5d7b6a1
SHA1 hash: 615b6adfec667530d873be58065a0fd38cd4f457
MD5 hash: 5c96977d9b69f30e74327dead9cc6c83
humanhash: minnesota-eighteen-oregon-zebra
File name:SELECTED PRODUCT LIST.doc
Download: download sample
Signature GuLoader
Create hunting rule
File size:443'514 bytes
First seen:2020-03-23 07:54:20 UTC
Last seen:Never
File type:Word file doc
MIME type:text/rtf
ssdeep 6144:xxlGxlGxlGxlGxlGxlGxlGxlGxlGxlGxlGxlGxlGxlGxlGxlGxlGxlGxlGxlGxlE:v222222222222222222222222uMk
Threatray 4'845 similar samples on MalwareBazaar
TLSH E894AFD883A15414C6D123E1AE48F48839B6F23294D3C5D8729EF5BC63BE5ACFA091F5
Reporter cocaman
Tags:doc

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27301.RtfHeur.BadVer.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.FakeRTF-2.UNOFFICIAL
Create hunting rule

Rtf.Dropper.Agent-7637690-0
Create hunting rule

MiscreantPunch.RTF.2017-0199.Obfus.170830.UNOFFICIAL
Create hunting rule

MiscreantPunch.RTF.2017-0199.Obfus.171711.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Document-Word.Exploit.CVE-2017-11882
Create hunting rule
Status:
Malicious
First seen:
2020-03-23 04:30:10 UTC
File Type:
Document
Extracted files:
17
AV detection:
17 of 30 (56.67%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0bba310d0af941efeae9dd5e3bffeef258680c5633dfe1a96a4e88c8e15b5d2b
GuLoader
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
GuLoader
2bde030373678bb2df1223cd3e3c4e7f2992e30739dcc63b688368f02a100067
GuLoader
70d577aba943b783ec606abcfa912bf97c9fd4f22d5e46ff1d718d350a8e4fcc
GuLoader
937284137c84e1a192926206db0102c93764420508b2ff6bb6ab609cb7b55f9f
GuLoader
aeeabfa8e9e939e37ea0207919fdc7451ab015e81e5b908dc6d50e8ab9bdf7eb
GuLoader
c46bc8f7f6334e0ac2957de6b03b6a04bca97a5604c90ecbfd755a7b7fdeed59
GuLoader
d1e9ede488849faab5eb3e767704a4644cc79e6eaac8fe996d90fa164e68f620
GuLoader
ebb1d3f1ac0d238e6eb3ae96d4ebc49fb5a38c8669e74e65145c858339211dc7
GuLoader
f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c
GuLoader
+ 4'835 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:SharedStrings
Create hunting rule
Author:Katie Kleemola
Description:Internal names found in LURK0/CCTV0 samples
Rule name:win_alina_pos_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator
Rule name:win_gootkit_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Word file doc 9e078800efb0d015e268e68afc688fc189ed29a927fe6df75d174365446569da

(this sample)

GuLoader

Executable exe 102dbd5d5de121477014551296d34f353cf7ba356428450216960843c459b58d

  
Delivery method
Distributed via e-mail attachment
anyrun
any.run
https://app.any.run/tasks/c8756293-aa8b-4cc4-95e2-267d4c575d13
  
Dropping
SHA256 102dbd5d5de121477014551296d34f353cf7ba356428450216960843c459b58d

Comments