MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 397d78ef032cac6fc37be9719672f02cd4df36135977079fca7b4a45a4ae352a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
GuLoader
Vendor detections: 4
| SHA256 hash: | 397d78ef032cac6fc37be9719672f02cd4df36135977079fca7b4a45a4ae352a |
|---|---|
| SHA3-384 hash: | 0ef4b4922a8ab5cb638b4159fb6699b7c69d02e43aa14993bc5240eec1d2620cdfd37af5b587667ce011c182ae359bd2 |
| SHA1 hash: | bef3c90b8b1a3ad79f3c2d6de5ca3bd9127349de |
| MD5 hash: | 3eba7a28bef19841ad7171f35ee753d7 |
| humanhash: | enemy-blue-neptune-papa |
| File name: | PAYMENTS.SCR |
| Download: | download sample |
| Signature | GuLoader |
| File size: | 139'264 bytes |
| First seen: | 2020-06-02 11:01:13 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | f9a46cefcbcde1970fe02477a6518a7c (1 x GuLoader) |
| ssdeep | 1536:Hm+uKvBeNRYvvXXXbZZ/KTBgMFfIg8P3yD28xb0UAG:QaXXVYl9Sg8/geUAG |
| Threatray | 816 similar samples on MalwareBazaar |
| TLSH | CED3A55A7A54C0ADF9414B3291EAC2EB391CEDB1E916455F3133FD0A6A30D462CE2F39 |
| Reporter |  abuse_ch |
| Tags: | GuLoader scr |
abuse_ch
Malspam distributing GuLoader:HELO: slot0.veresegyhaz.tk
Sending IP: 192.236.147.248
From: Audra (M) Sdn. Bhd<sales@veresegyhaz.tk>
Subject: Requesting Balance Payment Confirmation
Attachment: PaymentSlip034.pdf.z (contains "PAYMENTS.SCR")
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1QctpCKpRHrw9_oTuEq1lYBn6_pVHRbzw
Intelligence
File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Detection(s):
Gathering data
Threat name:
Win32.Trojan.Lokibot
Status:
Malicious
First seen:
2020-06-01 22:10:52 UTC
AV detection:
32 of 48 (66.67%)
Threat level:
2/5
Detection(s):
Malicious file
Verdict:
malicious
Label(s):
guloader
Similar samples:
+ 806 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
5/10
Tags:
n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.