MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2a6e8ba289a5de8c33b711ffe2d26a357d07d2c7147c127385810c64fa57d7ed. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2a6e8ba289a5de8c33b711ffe2d26a357d07d2c7147c127385810c64fa57d7ed
SHA3-384 hash: 8b7813fd0a374b2de2dca422d9cae8f520aab1f55fd428f01f94385bd519e4f13f65cc8293e21c7ccaa8afb7ecaba859
SHA1 hash: 846e57263aab94a65491c69fb168160413436676
MD5 hash: 8b9411fdc34b77588446fcea26f2e764
humanhash: beer-angel-iowa-xray
File name:8b9411fdc34b77588446fcea26f2e764.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-06-01 13:38:19 UTC
Last seen:2020-06-01 13:38:24 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ea7ccfec2a90ca75ac8933d9bd60d9d6 (1 x GuLoader)
ssdeep 1536:MFO8lLEki5gSWmCB8bNehzB6LjdZFj7b:JL4mC2bNhndvj7b
Threatray 910 similar samples on MalwareBazaar
TLSH 48835A1BEA0C9A12D16846B01C57C7AE2F11BC0C48821F8F754F7E6BBB317A65C6D22D
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1REmJipiYUKK0bHZKfDA1LP9PIWDb4PLV

Intelligence

File Origin
# of uploads :
2
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV2
Create hunting rule
Link:
https://www.capesandbox.com/analysis/5928/
Detection(s):
Win.Trojan.VBGeneric-7992389-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vbkrypt
Create hunting rule
Status:
Malicious
First seen:
2020-06-01 13:41:01 UTC
AV detection:
27 of 48 (56.25%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fjxixiujuxpiym5xch76futkgv6qpuwhcr6be44fqeggj6sx27wq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0206919af0add6cabd8ee38f1dc151c65630f204c63d4c145105c52f67c23de2
GuLoader
02b9bc3c8ac2cea4764860f49e6be78b8fad956c7bbf28d4260671bb5260568d
GuLoader
0ec3c68f6fa845bcc40ea35365aa204f7e8bdf8010ea20dec2e3ea3f46838e02
GuLoader
3e3529db8cde73fcdb792f6414ebe6fb9a6ec5ba5cf5f503376a795387b2020e
GuLoader
50ca73e510646ea1534f248099ce844f7f6178adb93055f8459ec07645f48e79
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
d725785ec3970b75ecb17a7e5ac14d93ce7a54d259dffc74e8222ed8cfb8b6b3
GuLoader
dc33d410898885b637ad8dd510d290ff2c00ae00069f28a60a282364faf0384e
GuLoader
de5da2008e231c60a227d6700248953651e0242542f07027e400760283b91d42
GuLoader
e265bbf3f727ff892423b3e24b5368ab4f694c86334bf68ae62ff20dfd7ce5b6
GuLoader
+ 900 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-ezz8chklla/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/5928/

Comments