MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8ff2f39aeebe67fb77f29fed1cbdf9918dc2d3abbe924092f7b770eeb5c78ee5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	8ff2f39aeebe67fb77f29fed1cbdf9918dc2d3abbe924092f7b770eeb5c78ee5
SHA3-384 hash:	17401ae451ecc5a3f209c10717907398a10558b6847fa8d8f2dfa819ea4b8c52c0c6bdb076d73f093c9bde1542bca695
SHA1 hash:	1c23f0abc6335126adcb38910aedbecd22259517
MD5 hash:	27bcd2906bd086cf8c94e4f77c6c3abf
humanhash:	table-emma-sixteen-sink
File name:	NEW INQUIRY MAY-2020_pdf.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	1'746'944 bytes
First seen:	2020-05-12 16:18:21 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'597 x Formbook, 12'241 x SnakeKeylogger)
ssdeep	49152:o2Tb0ZiXfdN12/9/Y7rR8nYB0WjZiWoaY:bAIPdN12/9/iRSYjZVY
Threatray	508 similar samples on MalwareBazaar
TLSH	C28523A7724E8E17CA6E15FFC495D25003F49A627062E3D72EE288DD13D17C20889EDB
Reporter	abuse_ch
Tags:	exe GuLoader

abuse_ch

Malspam distributing GuLoader:

HELO: 45-138-132-30.derakhshanrah.com
Sending IP: 45.138.132.30
From: Wang Tan <sales@gathersun.com>
Reply-To: Wang Tan <soomla6384@yahoo.com>
Subject: NEW URGENT INQUIRY 2020
Attachment: NEW INQUIRY MAY-2020_pdf.rar (contains "NEW INQUIRY MAY-2020_pdf.exe")

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Artemis27BCD2906BD0.16168.UNOFFICIAL

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-05-12 14:28:01 UTC

AV detection:

26 of 31 (83.87%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=r7zphgxoxzt7w57st7wrzppzsgg4fu5lx2jebexxw5yo5nohr3sq._file

Verdict:

unknown

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-g2ktxnle2n/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 79f4f8fbb3fff6f470ee277e8037b63927ed40ec98bbe7148f8644d5e3f12842

GuLoader

exe 8ff2f39aeebe67fb77f29fed1cbdf9918dc2d3abbe924092f7b770eeb5c78ee5

(this sample)

Dropped by

MD5 010e996b055dc5831058940352bd5827

Delivery method

Distributed via e-mail attachment

Dropped by

SHA256 79f4f8fbb3fff6f470ee277e8037b63927ed40ec98bbe7148f8644d5e3f12842

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample