MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e164388aa881f7f4e8ad09602a3ffc52cdd8be2e30308deea4fc9ae1d4651f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8e164388aa881f7f4e8ad09602a3ffc52cdd8be2e30308deea4fc9ae1d4651f9
SHA3-384 hash: 75f631f23ef1130b2cf134b2d86ca9cd8dc34beacaf61773ce8e96ac1f4b1f679b62a7e6be0a5687703c32e7be52db10
SHA1 hash: 06e4acebf09d824c03f2a15ed087ccb4ce27abd3
MD5 hash: 3b2bc3de95e7e77d30085e162a173265
humanhash: bakerloo-bluebird-pennsylvania-delaware
File name:Obespechenie kontrakta na 12.05.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:140'288 bytes
First seen:2020-05-12 16:18:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5e5afaf5996682236ddc10181a22394d (1 x GuLoader)
ssdeep 3072:qPsGMeT6J4w63i/Gf+3v8iUQh2nI8e4s9zapYB2opbi/ucFuHrOLOOG7:MT6LGZsbn28G/Li
Threatray 170 similar samples on MalwareBazaar
TLSH 21D37D3DF763C183D2AC0B3291970F68673BBC587694494F52722F36399A3D46E1AB84
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.prosecutor.ru
Sending IP: 81.2.1.11
From: Любовь Лукина <pozhar@prosecutor.ru>
Subject: Оплата вторник
Attachment: Obespechenie kontrakta na 12.05.001 (contains "Obespechenie kontrakta na 12.05.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Win32.Herz.B.29579.12600.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 07:07:08 UTC
AV detection:
28 of 48 (58.33%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rylehcfkrapx6tuk2clafi77yuwn3c7c4mbqrxxkj7e24hkgkh4q._file
Verdict:
malicious
Label(s):
pony
Create hunting rule
Similar samples:
0450362396084be91d1e47155b5af737c50d349315689bc538f09c1ef0593b00
GuLoader
25fe3949ffb0fb49cc27992f89558c45abdda778e775a58fde4647fb36dcafff
GuLoader
4188d06ab94a8883fd4864b3690168649de6f1ae86d8b2c6a2778f7f46a60e02
GuLoader
81e4e55c3b927e248c48e3c5414509e7808755d74b3504b709fbdfecba19f613
GuLoader
9be6e55ff75a4a8571940411678d521216fc0bd61cbe9d049e10dfd41bdd73fc
GuLoader
cb8b6228dc596af613b8a5fb2b0ac79326ec4265ca8f4f5dc796f9b8fa4d287e
GuLoader
d768486542d55538cb90b21c8563f395ed3d5148733e23a67bc5dba74b811233
GuLoader
e3d26ec0477d9578aaa7762c27514f91c1c9503935c9d1f48cf34698de2ac9cf
GuLoader
eda6bc27798b7230d63cae9225c466b67b05e788b315e4dc443c43cf1baabfca
GuLoader
fb30601d90268e316d5bbbe9e78bc1ad8acb4fe262d66b0a3f403425ad78f15b
GuLoader
+ 160 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware
Link:
https://tria.ge/reports/201109-t1zba8gzjs/
Behaviour
Runs ping.exe
Script User-Agent
Suspicious use of WriteProcessMemory
Deletes itself
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 44bfb747a83874724e25b07ae9d3fb3afaebfd17bf49d1a275653abf3f413bce

GuLoader

Executable exe 8e164388aa881f7f4e8ad09602a3ffc52cdd8be2e30308deea4fc9ae1d4651f9

(this sample)

  
Dropped by
MD5 7660514d11cf020388d9a376b4eb54d9
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 44bfb747a83874724e25b07ae9d3fb3afaebfd17bf49d1a275653abf3f413bce

Comments