MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a282a70f09a9e53642cd66ecf3392f635829352afd38613c919e169b92c3a39. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6a282a70f09a9e53642cd66ecf3392f635829352afd38613c919e169b92c3a39
SHA3-384 hash: 46b1bdc2a9b9687d84c1274bedf574c05578642754655a0e59a46e3fc0490b5d11533593b68b39704af52d05623c7194
SHA1 hash: eec1da2eb9ed6d132890403e25434f11bc4619ab
MD5 hash: 0d62c8e058ec9555e0dc7c0b80836851
humanhash: salami-item-november-solar
File name:DHL001173990273892PDF.EXE
Download: download sample
Signature GuLoader
Create hunting rule
File size:957'440 bytes
First seen:2020-05-12 07:30:19 UTC
Last seen:2020-05-12 12:02:09 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:Sg0JHX+nO5nqQM1V4kWDSMzjlSkTzvGvKoqbJKSgb3rC:g+nOcQGZWnlSkPGUJHW3rC
Threatray 490 similar samples on MalwareBazaar
TLSH 4B15AE373A829039C46D427180BD9AE6E63B3A853B16CA9F718FA31C5FC315B7B5118D
Reporter cocaman
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
4
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VVS.7986.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 07:35:42 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=niucu4hqtkpfgzbm2zxm6m4s6y2yfe2sv7jyme6jdhqwtojmhi4q._file
Verdict:
malicious
Similar samples:
00481f6d6a28c6792dc0ddeb8cf053ec065be3ebebd70137dc51dbbd1f4c1898
GuLoader
00a20868d3e356fdcb214fed1e14114afb1c9b93ca530dffde975b674c8ef580
GuLoader
0fc1100eb083ce6f3b25e85af328e2b3c70f3bb7d62090c86d467c706b816e1f
GuLoader
3710beaef523f6d29db7f87e5bc78087ce476cf94f28611216dc7f293d2e421c
GuLoader
498c8d8beebceb314b046ebd5bd373505b4288bf855e2b1d15a0a2d432dc8990
GuLoader
561ef20f402a8aad423ac02ae911a988bbe4d82d523be9b950fa808a706bbb00
GuLoader
ae544d8c96450e973a2826bd35d8b0535db45e33a123b7e86843dff432965067
GuLoader
b98a4fe09d537a8a4cad4cf74ab32a412d01d9d5942d7f3b969690cffa970905
GuLoader
c8d588cae4d2691221f0b518d6a663c498f28663b9cb806df73249ced7b71322
GuLoader
cc8ced87461f345694c927ccd2e09c93ac5522d63940f4fdfa2e36dd13286a6f
GuLoader
+ 480 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla agilenet keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/201109-smx716ntfj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Drops file in Windows directory
Modifies service
Suspicious use of SetThreadContext
Drops desktop.ini file(s)
Obfuscated with Agile.Net obfuscator
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

iso 0e8e1a3fd2a1f323ebf48b5efb5ccfa6fad282c8606bb258e306a3b476feea0c

GuLoader

Executable exe 6a282a70f09a9e53642cd66ecf3392f635829352afd38613c919e169b92c3a39

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 0e8e1a3fd2a1f323ebf48b5efb5ccfa6fad282c8606bb258e306a3b476feea0c

Comments