MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b361138d1a485395c9659ea7b607b22b9947abb8fdf8383383103412d9cd4d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8b361138d1a485395c9659ea7b607b22b9947abb8fdf8383383103412d9cd4d3
SHA3-384 hash: e655dcb97cd5dc831d194f5716ae318ee0f92f1f6c85b714336d96d76d776122d18ba9e65532309f4a40a9a26e105c69
SHA1 hash: 434b1d6cd35102ae86247ac7fcb9cdb6a41ad483
MD5 hash: d9331198b574e0ebc8cfab048d7b138b
humanhash: high-eight-romeo-yellow
File name:TNT_JKT 886114 Invoice_pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-12 05:33:28 UTC
Last seen:2020-05-12 07:26:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d5ff2b7b83543eb9b956c47ad704e8b5 (1 x GuLoader)
ssdeep 768:VS0299kRnd322W5WTIvXk1mNHpsvNBm6xSEu0H0Z+oHHh:VtNdbWsOXk1mcNdShik
Threatray 928 similar samples on MalwareBazaar
TLSH C1932B03B6E0D632E616CF711A66AB98056FFC715D22CC0769F03A2D5A37E17E52432B
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Fareit-FTAD9331198B574.2794.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 05:36:15 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rm3bcogrusctsxewlhvhwyd3ek4zi6v3r7pyhazygebuclm42tjq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
153df3fe76a7a30ea0cad977d5d8bbd667c91eeff663235f5e64b6ed27be9eab
GuLoader
47bd044b43d50313e7cb86aa0ab8e63cbbb1673ea0813657fa4fcac76947caaf
GuLoader
7cc0c6e489cb1b2d1dae70339b9409f9a54fa7d8920430490663b6f28ea4a7b4
GuLoader
81a658971e7a9f45c2237755d6e1d231f320d1fadf7356927ff782ae2ff22dea
GuLoader
9802e8e7e84d1f454d72be9f937a7ad59230de4819f94535c7219bc347c587e2
GuLoader
9cbe5097d40713390439b736ac90f7ac008db11188a9b8d0ad40fec39d5cff12
GuLoader
d0d1cd4e935867d366c2e0e4b213c45919a6edbc4536eeb1637fa7eeda975a43
GuLoader
d98c94265a32705781c3702b0c93298fe71325cc0d3b8ee5b59a469b412e5263
GuLoader
e43b2e9112cfdb0636686ec8994eaf717d159d10daefda23f11588a424468e90
GuLoader
f9df56ad385fec73bc6f3baf0d08e03f853f191ef975b2e467d3d6eb1ffa01fc
GuLoader
+ 918 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-63x6fgfsan/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

3c0492e48962c6e518689dd3d4e15384531a314ed593b86dc622b0891a919090

GuLoader

Executable exe 8b361138d1a485395c9659ea7b607b22b9947abb8fdf8383383103412d9cd4d3

(this sample)

  
Dropped by
MD5 93bb14399c5c9542667749c8fea39900
  
Dropped by
SHA256 3c0492e48962c6e518689dd3d4e15384531a314ed593b86dc622b0891a919090
  
Delivery method
Distributed via e-mail attachment

Comments