MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2682405489622c6af884c41b4a90092432283088d56945987e8dac667e2f9344. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2682405489622c6af884c41b4a90092432283088d56945987e8dac667e2f9344
SHA3-384 hash: 6214be281cbf6f9382566ce72ca4cd9aff917a725ddf7d2803953ad4a7261b66d54ef9f1c0401fecf41f8867009611dc
SHA1 hash: fa55f09234b8af1f59bee6942ee4c4de3bd94a8d
MD5 hash: e502c0075f43a2151df34d4e276b6113
humanhash: butter-glucose-seventeen-salami
File name:SecuriteInfo.com.Variant.Ursu.840444.14433.8516
Download: download sample
Signature GuLoader
Create hunting rule
File size:531'456 bytes
First seen:2020-04-30 20:46:04 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 3072:1tr6Rg6TeZeHDvx7GPGYmjnNRjtLqumAkm73jZ5KURmbW:H6zeZel7fljNRj5quImTFnRmb
Threatray 1'472 similar samples on MalwareBazaar
TLSH 3EB4E12076B2D851C5906A758E59C5799212BDA7FD30814B36E37F8F3BB2212CB13B32
Reporter SecuriteInfoCom
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Ursu.840444.14433.8516.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Grp
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 18:11:09 UTC
File Type:
PE (.Net Exe)
Extracted files:
16
AV detection:
22 of 30 (73.33%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=e2beavejmiwgv6eeyqnuveajeqzcqmei2vuulgd6rwwgm7rpsnca._file
Verdict:
malicious
Label(s):
lokipasswordstealer(pws)
Create hunting rule
Similar samples:
3d611ca54f64546327d9bc6993662d5058a7f07fa8e16b81fc7ee6ff60d952f2
GuLoader
4d3e8c6d43fcdf1f060986547c0d0af4a27c4ebe9377b374c6981f27d317d5cf
GuLoader
5feae79dd60821d07068c2c3d5a9d6051c10064cbcf5d85150753c2e70e9da2a
GuLoader
722521ac19cd30a318eb191975eecadb389fe26c681d76f1c5da92dc8fabac4f
GuLoader
7c20a515d31bae8b3a15773630ec4bd95c5dbceb78797a91ec258ea4bd2210a2
GuLoader
b1c1df9daeb93473a208117db8782e0a6245e3b8c6f13da6405a79a1e36ab821
GuLoader
cd1c77cf56fa182cd0a4ee201381eb27c1c959960ed4eb89501f04ab0c620660
GuLoader
d2cee19a1e56d95d538becd56933a02727bb4df3e07ed9a476fb5776003361b6
GuLoader
e53b12eba130b72d981d770ab3f22fd59c3106a7cc01e22efa163c40613d22cf
GuLoader
f7402454608a5e4510e78a5332f29cbbb01df24be9a879c0c48f27e69a66777d
GuLoader
+ 1'462 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 2682405489622c6af884c41b4a90092432283088d56945987e8dac667e2f9344

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/354993/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments