MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 337471a86433031e87027a6459fee04e490ddfc016d4d7eab062e0a1e09ca138. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 337471a86433031e87027a6459fee04e490ddfc016d4d7eab062e0a1e09ca138
SHA3-384 hash: 6953025aaef80c8b4965abb4999cacec55eed8c09dfd008de240fa43559c26f9208a912ba1fa1487705c8fe99ad906a5
SHA1 hash: b91e87456c7766a93376d5be584693d4fa0ad6f9
MD5 hash: 845b8e8b7d49cec7cb570f363780bb7f
humanhash: steak-montana-one-lamp
File name:PO 05272020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:49'152 bytes
First seen:2020-05-29 06:22:34 UTC
Last seen:2020-05-29 11:11:05 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 1d6f9786cef5b86638d09b155a51e0e2 (1 x GuLoader)
ssdeep 768:k5M8rk7fFkazprg+h6NBG7oQQvviokA5I/d04jH4:kMjNkatcu6NBxvjk9db4
Threatray 2'194 similar samples on MalwareBazaar
TLSH 96234C77BE990022E74DC6B024529E6239377C661551AE3B5658A92C3D702C37CF33AF
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
4
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5886/
Detection(s):
SecuriteInfo.com.Variant.Razy.674194.26786.9211.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vbkrypt
Create hunting rule
Status:
Malicious
First seen:
2020-05-29 01:55:18 UTC
File Type:
PE (Exe)
Extracted files:
2
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
lokipasswordstealer(pws)
Create hunting rule
guloader
Create hunting rule
Similar samples:
0494c6b3493335509d5fdce6d9592d796e592fee648f42dded58ddc29e3565a1
GuLoader
168cd5b5e4d1dfec48777cdc97b74c7b33dca67d176f9add9bb94fa89905db38
GuLoader
29f4955e8b756287e4a4b37872b8fef347c23749869d0a42e71512051fe6f0ac
GuLoader
8bbc2e9322af7c28162adfaa66055af70695b2da16b822be4b8b4deb67da405c
GuLoader
c2a89ad45cb8155c18ddea788ecbc9ba9643ecd4e93e9711a736af4a52091632
GuLoader
c92140fa8005261ee9d5c20c08fe5fd74816dbabaa1404f61444991db497bac1
GuLoader
cffb28f48a39b040f06f0563eaaac0a99f06accf37cc5da95383805c17c583c3
GuLoader
e0a55cba6885e046f0eb064179877af39b10f3d8cc74b8c697ea7c8cda6ab739
GuLoader
ee4bbc371656858005f8d7f3315d21327f447f7aa521c2e9c2d46799841f3e02
GuLoader
f78f5eeea8bfec17ed985d71b265dd5be1bb90f781004a6a473e2e116abe144e
GuLoader
+ 2'184 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-4kexa8adrj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

ace ed11554aeabe93b128e38273bf2e8ac787bb43cf92c0cd5a1e006b07355f110b

GuLoader

Executable exe 337471a86433031e87027a6459fee04e490ddfc016d4d7eab062e0a1e09ca138

(this sample)

  
Dropped by
MD5 10b1c47c14b0f1c60b2af35d139d8986
  
Dropped by
SHA256 ed11554aeabe93b128e38273bf2e8ac787bb43cf92c0cd5a1e006b07355f110b
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/5886/

Comments