MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb19d9c9c18233bf65768ed3534766ae87ada589f6223d015c47d5e4c2523d64. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 4

SHA256 hash: bb19d9c9c18233bf65768ed3534766ae87ada589f6223d015c47d5e4c2523d64
SHA3-384 hash: 8e43e039262886ace19eafec32b7b66ef7dfe700126d2842d65601750a0f703ba6f42ed53a24d78d033508d216887c1f
SHA1 hash: e6e9c56842aa9e62834e132ca093d635cdc8c680
MD5 hash: 75cbff3cf34fc5442bb120c5f8b359ad
humanhash: louisiana-montana-video-twenty
File name: PO_document785553422656757IMG.com
Signature: GuLoader
File size: 106'496 bytes
First seen: 2020-05-28 08:40:51 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 2e5329692fb8d009dd53329ae6356d17 (9 x GuLoader)
ssdeep: 1536:wNnpoEYVNANQuTw05KurM907rUTaIeSFphVq4FbAvHxNjE:Sn4/ut5NM907rUTaIlFcM
Threatray: 2'469 similar samples on MalwareBazaar
TLSH: 8BA306236A90EB61C53085F029078B6D157BFE3401D2495BB1DD2B4B3BB19E6FA2C34B
Reporter: abuse_ch
Tags: com GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: trorgaz.com.tr
Sending IP: 45.147.228.105
From: Atunga Harmantepe<atunga.h@trorgaz.com.tr>
Subject: RE: Urgent Request Quotation For HTR 864
Attachment: PO_document785553422656757IMG.IMG (contains "PO_document785553422656757IMG.com")

GuLoader payload URL:
https://onedrive.live.com/download?cid=63287B596430CB27&resid=63287B596430CB27%21107&authkey=AHre-6Bw68haI00

Intelligence

File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-28 09:36:18 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 22 of 31 (70.97%)
Threat level: 5/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a

Behaviour
- Suspicious use of SetWindowsHookEx
- Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam
Malware family: GuLoader
File: Executable exe bb19d9c9c18233bf65768ed3534766ae87ada589f6223d015c47d5e4c2523d64 (this sample)

Delivery method: Distributed via e-mail attachment

Comments