MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 40c16da071e7aa38cfd9e856ba7c77f8682b6cd1f49af637511e605f7d427087. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 6

SHA256 hash: 40c16da071e7aa38cfd9e856ba7c77f8682b6cd1f49af637511e605f7d427087
SHA3-384 hash: 3b570a47657d182e8e7e62014d10a4d3208b8fc6e62dc5ccd22afa0a16ccdab457d75331cc61ab66da7956eef8b0fc8c
SHA1 hash: d04af5bbf819a1872a0bb3c77acce05f09d4e741
MD5 hash: ef08ba20ab3a5177fd0c795e11d987ca
humanhash: fix-triple-fruit-red
File name: HSBC Customer Information.7z
Signature: GuLoader
File size: 48'165 bytes
First seen: 2021-09-15 05:09:53 UTC
Last seen: 2021-09-15 07:17:05 UTC
File type: zip
MIME type: application/zip
ssdeep: 768:1BttG+aYjISgv/Iht6NRS4bHK/g8T6dd6R1W6tK8vAt0OwWtMoQ4wlf9pScsNReu:10+aYm3M4bHC+ddkhtK87Ow0JnwjpSxn
TLSH: T14323013EC671513BCD05DB76E2622B7E24A64C768F6B70D871E720467CFE8504B42A61
Reporter: fabjer
Tags: 7z GuLoader HSBC zip

Intelligence


File Origin
# of uploads: 2
# of downloads: 142
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Mucc
Status: Malicious
First seen: 2021-09-15 01:09:55 UTC
File type: Binary (Archive)
Extracted files: 7
AV detection: 6 of 45 (13.33%)
Threat level: 5/5

Result
Malware family: guloader
Score: 10/10
Tags: family:agenttesla family:guloader downloader keylogger spyware stealer trojan
Behaviour:
  Modifies system certificate store
  Suspicious behavior: EnumeratesProcesses
  Suspicious behavior: MapViewOfSection
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of SetWindowsHookEx
  Suspicious use of WriteProcessMemory
  Suspicious use of NtSetInformationThreadHideFromDebugger
  Suspicious use of SetThreadContext
  Checks QEMU agent file
  AgentTesla Payload
  AgentTesla
  Guloader, Cloudeye
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Malspam (distributed via e-mail attachment)
Signature: GuLoader
Sample: zip 40c16da071e7aa38cfd9e856ba7c77f8682b6cd1f49af637511e605f7d427087 (this sample)
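As an added example (not code from the MalwareBazaar page or from abuse.ch), the Python below does what an analyst should do before touching this sample and what a mail-gateway filter would do with the attachment: it recomputes the four digests listed in the entry and compares them, and it triages the archive by content rather than by name. The entry itself shows why that matters: the file name ends in .7z while the file type and MIME type say zip, and the archive carries a PE inside. The script therefore identifies the container by magic bytes and flags any zip member that begins with an MZ header. All function names (hash_bytes, matches_entry, sniff_container, extension_mismatch, triage_zip, build_constructed_attachment) are this example's own, and the zip built at the bottom is a constructed stand-in so the script runs offline; it will not hash-match the entry, which the hash check correctly reports. MalwareBazaar serves downloads inside a password-protected zip wrapper, so hash the unpacked file, not the wrapper.

```python
# Added example, not part of the MalwareBazaar page or the abuse.ch tooling.
# Checks a locally obtained copy of this sample against the entry's hashes,
# then triages the archive the way a mail-gateway filter or analyst would.
import hashlib
import io
import zipfile

# Digests copied from the MalwareBazaar entry above; keys are hashlib names.
ENTRY_HASHES = {
    "sha256": "40c16da071e7aa38cfd9e856ba7c77f8682b6cd1f49af637511e605f7d427087",
    "sha3_384": "3b570a47657d182e8e7e62014d10a4d3208b8fc6e62dc5ccd22afa0a16ccdab457d75331cc61ab66da7956eef8b0fc8c",
    "sha1": "d04af5bbf819a1872a0bb3c77acce05f09d4e741",
    "md5": "ef08ba20ab3a5177fd0c795e11d987ca",
}

# Magic bytes for the container formats an attachment name could claim.
CONTAINER_MAGIC = {
    "zip": b"PK\x03\x04",
    "7z": b"7z\xbc\xaf\x27\x1c",
    "rar": b"Rar!\x1a\x07",
}


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the entry lists, using the same hashlib names."""
    return {name: hashlib.new(name, data).hexdigest() for name in ENTRY_HASHES}


def matches_entry(data: bytes, entry: dict = ENTRY_HASHES) -> dict:
    """Per-algorithm comparison against the entry. A mismatch on any one
    means the bytes in hand are not the sample this page describes."""
    computed = hash_bytes(data)
    return {name: computed[name] == digest.lower() for name, digest in entry.items()}


def sniff_container(data: bytes) -> str:
    """Identify the container by its leading bytes, ignoring the file name."""
    for kind, magic in CONTAINER_MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the extension claims one known container format and the
    bytes are another known one (here: a '.7z' name on a zip body)."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    actual = sniff_container(data)
    return ext in CONTAINER_MAGIC and actual != "unknown" and ext != actual


def triage_zip(data: bytes) -> list:
    """List zip members and flag PE content by the 'MZ' header, not by name."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(2)
            findings.append({
                "name": info.filename,
                "size": info.file_size,
                "is_pe": head == b"MZ",
            })
    return findings


def build_constructed_attachment() -> bytes:
    """Constructed stand-in for the attachment (NOT the real sample): a zip whose
    first member is a minimal MZ stub, so the triage logic has something to flag."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("HSBC Customer Information.exe", b"MZ" + b"\x00" * 62 + b"PE\x00\x00")
        zf.writestr("readme.txt", b"constructed text member")
    return buf.getvalue()


if __name__ == "__main__":
    data = build_constructed_attachment()
    claimed_name = "HSBC Customer Information.7z"   # file name from the entry
    print("hash match vs. entry:", matches_entry(data))   # all False: constructed data
    print("container:", sniff_container(data),
          "| extension mismatch:", extension_mismatch(claimed_name, data))
    for finding in triage_zip(data):
        print(finding)
```

To check a real download, replace build_constructed_attachment() with the bytes of the unpacked file; every value in matches_entry() must be True before the rest of the entry (vendor verdicts, behaviours, tags) can be trusted to apply to the file in front of you.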
