MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 65ec71a21b121cb6b5ad5c16425f217589eac46a8879aad3a8f04f5e5b2d872e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 65ec71a21b121cb6b5ad5c16425f217589eac46a8879aad3a8f04f5e5b2d872e
SHA3-384 hash: 81c99443d41d6d039cb5835f4507667e73bb7e82676867f15c3fdfe15075c196d48039231e9c91a60b02da9be77360d5
SHA1 hash: 8fb76739fdb29c79269ce2c98c7bb15203e1f440
MD5 hash: c909511407214383e2774feb86235a16
humanhash: wolfram-bulldog-finch-music
File name:Tjavsendeudt7.scr
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-04 04:27:34 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5560a6019b700bf09a9cd989d3f752f4 (1 x GuLoader)
ssdeep 1536:wSPfxV40PkXe+Ajf1WkgrKHxLdGKc+o0FDHdZ1gIIYOV5WkVttrb4SKYJ:ZPXPkoj94KVdhjFD9z0VV5Kk
Threatray 1'003 similar samples on MalwareBazaar
TLSH 2EB36C03EE4D8553C1888FFD2D135D7A7B1CA94A0D401BEF627A6DAAED316432C9B21D
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV2
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6435/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 04:35:26 UTC
AV detection:
22 of 31 (70.97%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mxwhdiq3ciolnnnnlqleexzbowe6vrdkrb42vu5i6bhv4wznq4xa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
3a865f21dc1c62ee31df28d89094e9e95d480e2bc6b75b3a6543b2906d975a61
GuLoader
654512ba13cb405d6b839c46b229c1a6d506fbe3749861d8973f484edf9ef791
GuLoader
65ab725aa981b93b5f3ca28ea8f5257235f6974abe8fb5b03086cc1f9c6aa41b
GuLoader
73e1d44799f6f7dff81192f5a25a8fc978f3e1aaf5c94856a94ccc43ef2fc888
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b2ad4bb1d6523d5541609a20280c7858ee9dbf33a206146082de81826efc8927
GuLoader
b8565239fc984ae11a613ad6a80eebcf3e006125c8e6240583a0365669c32397
GuLoader
dd7268284b041dafef56b6a8a4b565b3a0c54e1eaacc68121a1688e03798e72d
GuLoader
e35d5297a515ddf23ac671f6110bb8f01a590e13d45dbeae5e96e0be414236b5
GuLoader
efbf4adb2b50d1284084841e1d5c1deb99a69d979fced2d2a5675fc666e3b76a
GuLoader
+ 993 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-3exabhaaqe/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

ace e53b75475d1fba390648e8d2c7dec986a775a5355f464f823ec2dd9fd91de42d

GuLoader

Executable exe 65ec71a21b121cb6b5ad5c16425f217589eac46a8879aad3a8f04f5e5b2d872e

(this sample)

  
Dropped by
MD5 1b7a51b3dad66b9cf1e44a7861ba0e86
  
Dropped by
SHA256 e53b75475d1fba390648e8d2c7dec986a775a5355f464f823ec2dd9fd91de42d
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6435/

Comments