MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bdd1e58d7a15e88b1f6400fa7aff3d021a3b944dde54e0b156b5d90c71e1f553. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 4

SHA256 hash: bdd1e58d7a15e88b1f6400fa7aff3d021a3b944dde54e0b156b5d90c71e1f553
SHA3-384 hash: 340ba1f2ea2144b1be25190a9f5857da77938f3141a7ef005a841899db5e02d21e50c19dae53222822576583985078ae
SHA1 hash: 3770c5ebd1ec3a4f150852117d42af77b45f445b
MD5 hash: cef4a88901c29606b94fadcc3a37f910
humanhash: arizona-eight-cat-ack
File name: KONKYLIE.EXE
Signature: GuLoader
File size: 86'016 bytes
First seen: 2020-05-14 04:30:27 UTC
Last seen: 2020-05-14 05:44:57 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7657bd905d81ebe49f98dc38d142948e (1 x GuLoader)
ssdeep: 768:VrBUWfY4RFQe8AdCq5tLCU5dTGcwcYBFjrk235GIAYgzRZ/r3C0X7NL:VrvQeZR5V5dSc1YBj5GIJ+xlL
Threatray: 983 similar samples on MalwareBazaar
TLSH: 76834B23F6D8D87BD2148A743E358BE4450FFC3018214D4FB5897E6F6A3AA4269B164F
Reporter: cocaman
Tags: exe GuLoader

Intelligence

File Origin
Number of uploads: 2
Number of downloads: 83
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-14 05:08:00 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 26 of 31 (83.87%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a

Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
Executable exe bdd1e58d7a15e88b1f6400fa7aff3d021a3b944dde54e0b156b5d90c71e1f553 (this sample)
Delivery method: Other
