MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5e8df463008c053a8e172aa9f867ab3c1e5be77044e7fb474c9b88af79f2e1b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5e8df463008c053a8e172aa9f867ab3c1e5be77044e7fb474c9b88af79f2e1b3
SHA3-384 hash: a100236e913dc922c3439466fba23e51b7f8033dc8093eeb449a5cbbacec4f19c5268c125bb09649d1a6ad680586a2b2
SHA1 hash: 1d3426b72f2ef0b091087b88eb2d7b4637273fb2
MD5 hash: d3dd53cb9c741a9ba9481b7f27502beb
humanhash: winter-batman-sodium-cold
File name:PO105212065.zip
Download: download sample
Signature GuLoader
Create hunting rule
File size:38'792 bytes
First seen:2021-02-02 19:52:31 UTC
Last seen:2021-02-09 15:14:30 UTC
File type: zip
MIME type:application/zip
ssdeep 768:r0LkBnxv8YvTV/E/EC5ca2DwGgx2J17/Bdfe:oEnx0eTVMcaCe2J19dfe
TLSH 3103F123AF1E41714202D57D5F5983CBE4FD9F5A76899263276A57F003CEC582B802E8
Reporter GovCERT_CH
Tags:GuLoader

Intelligence

File Origin
# of uploads :
10
# of downloads :
183
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Generic-9829111-0
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5e8df463008c053a8e172aa9f867ab3c1e5be77044e7fb474c9b88af79f2e1b3/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-02-02 07:30:23 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=l2g7iyyarqctvdqxfku7qz5lhqpfxz3qitt7wr2mtoek66ps4gzq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5e8df463008c053a8e172aa9f867ab3c1e5be77044e7fb474c9b88af79f2e1b3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 5e8df463008c053a8e172aa9f867ab3c1e5be77044e7fb474c9b88af79f2e1b3

(this sample)

GuLoader

Executable exe 396cd643a11eec8640903259beefafd56fb24d9d14d99d8fe5d86c01ff8b2741

  
Dropped by
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 396cd643a11eec8640903259beefafd56fb24d9d14d99d8fe5d86c01ff8b2741
  
Dropping
MD5 18d5e1fbf3769c629a632ba3b1968531

Comments