MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8f8165481c274ddcb418174d872038cfb90bb84d3d09472bdac743341de9cf3e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	8f8165481c274ddcb418174d872038cfb90bb84d3d09472bdac743341de9cf3e
SHA3-384 hash:	1f33612db32e49fd228e1ba0106e175343c8bbc19becd2aa0058048b3fc4d9231d565935f34d0702820872da0809f979
SHA1 hash:	621701f672a864eab6e4fc774a3a8b964a3a70aa
MD5 hash:	07a4250276a679920df3112f9e048d24
humanhash:	michigan-oranges-carbon-kansas
File name:	18b5ec2386e98691c32f8e20f877ba40.exe
Download:	download sample
File size:	112'640 bytes
First seen:	2020-03-30 21:56:10 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'206 x SnakeKeylogger)
ssdeep	3072:+gDzHZfB0JAVP4IIqXh65+qXIMqtLGfH:v5fB0JAVgIIeq
Threatray	129 similar samples on MalwareBazaar
TLSH	1FB3B54C77989160E2EE47B085F34324827AD497A967CE4F05C618FA6B3F3418A4BED7
Reporter	abuse_ch
Tags:	exe GuLoader

abuse_ch

Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1cg1ciad8CtT5osKv5npuncOeEmkJLJqm

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Threat name:

Win32.Trojan.Mintluks

Status:

Malicious

First seen:

2020-03-30 22:35:26 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

30 of 46 (65.22%)

Threat level:

2/5

Verdict:

malicious

06ff593c0c848c19d9f138b5b5d37894c8defc8ef4ddd44a9d027cea28be869c

0904cc3ac5743bc4e4f4dcfa31ec6cfe449c12646542f970cbfd53d8dd6915bf

1fc0b64aa5ad4ffdfdd207d5d59dfe238ab1573b793d6da0dca9df7918fdad9e

441722dd08836654f243e5ab8a27da0a52ac6d1eac0e33c25e81068ce049338c

51d5ab8487876cbc9c82c7450affdab67de13f1ff8b126f82fefa4281698ad59

6a5bf81d82a8112290a0eef40ece993c13143ad63feb1b4452528187a98627b0

79b5482b4c782cf8336701470de400c788089677dea8464daf218c4fb876eacb

8243c8a72e7a2021b4d956f5dafc19ded0162e9eb99f158f8da83660ea9368b5

ad75e1f7e686538860a9ae28ba0b68fb3c528c403618cf34b26a2b541e7bd0a2

+ 119 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

2a8a4248e6dcab514ddf3faf96cb4cc9b9d6bd0781c1f50e2d09a59b540c7800

exe 8f8165481c274ddcb418174d872038cfb90bb84d3d09472bdac743341de9cf3e

(this sample)

Dropped by

MD5 18b5ec2386e98691c32f8e20f877ba40

Dropped by

MD5 c6f7c85681e9cbbd8a4782258c5fbd92

Dropped by

GuLoader

Dropped by

SHA256 2a8a4248e6dcab514ddf3faf96cb4cc9b9d6bd0781c1f50e2d09a59b540c7800

Dropped by

SHA256 638a80c79accb8901c3d6597017c5511c5b57e9de25889a7c6f831066bb819e9

URLhaus

https://urlhaus.abuse.ch/url/332491/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample