MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bea57552e1978630f3038e4df06ea8fe0d34c9c1656c971f2bb01a894b0f67eb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bea57552e1978630f3038e4df06ea8fe0d34c9c1656c971f2bb01a894b0f67eb
SHA3-384 hash: 6dc92feaf04167e1b6f83d3e63e4e429058b6a365fca3ff3ce7d28972b46fc104abf3b24d0c2edb2358f179452097670
SHA1 hash: a5c76966936825722bbdeb1945af2bcd9aaf9584
MD5 hash: cc4eec402b0acacb50b1fa01d7cdcab6
humanhash: yankee-xray-pizza-saturn
File name:03135-KLAIM-0114-05-2020.PDF.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:86'016 bytes
First seen:2020-05-14 08:28:25 UTC
Last seen:2020-05-14 08:47:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 817d5dc9da7d21f6de05349849a55471 (1 x GuLoader)
ssdeep 768:CuDPu7feC1eJ89z77XCEZqf8pwarMBx86qQvYfho:P8gJ8J77XC70pjABWL6
Threatray 1'698 similar samples on MalwareBazaar
TLSH A4832B57F3E0E5B3DA944AF01E73CA6C4127BD318A57CA0736C03B1D1A36A92952D72B
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.LokiBot-7792584-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-14 03:32:04 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 48 (47.92%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=x2sxkuxbs6ddb4ydrzg7a3vi7ygtjsobmvwjohzlwanissypm7vq._file
Verdict:
malicious
Label(s):
lokipasswordstealer(pws)
Create hunting rule
guloader
Create hunting rule
Similar samples:
0fad781290e1db5165942e6d7254edf797efcb2dc7712963286e054065be4ec1
GuLoader
1f1745eb2812b5c0cc6c26b69661ea1d8ab78a541271950e7b97d0cd2b502db1
GuLoader
2b419f986ea266fa5826fbb6858782f7c2acfda73aa5ec5cb21d64537d6a4ea1
GuLoader
616b49735927d0f2a78649237770fe83d86db4c50731ac38b8395b85a67ac2e2
GuLoader
890d50ea38e546ea886c5e1d211327e2d4573f3a55f1afc56eacc36ed2187474
GuLoader
ceeffdff4b0af45c77f3923e47c03a529c87dd4e0e92fdc88b0551857df53239
GuLoader
e01f7d5f5a34bc9fde408c3f3fb441b76b6a2c3e2915cbf98ac5ca84e61e2b5d
GuLoader
e09fbb76c70deb9d0d2b2eb99f4d179783e54fc42440c8e478ee834457982f9e
GuLoader
e336780f3321d06dfea57c94467d65e0ab2ab92d77c0267cf17b8d51359a5e38
GuLoader
fe7a6728da6e544a5963774daa1bae063246a1211a815abdb736ea7a31d7bd30
GuLoader
+ 1'688 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-5qbvgp8f6n/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

5f729fb3a82c16baf4d888fa3064a1659baff3858a1ef7995b497f6ccb5a6002

GuLoader

Executable exe bea57552e1978630f3038e4df06ea8fe0d34c9c1656c971f2bb01a894b0f67eb

(this sample)

  
Dropped by
MD5 868a725c2695fea0a048d037a499f7cd
  
Dropped by
SHA256 5f729fb3a82c16baf4d888fa3064a1659baff3858a1ef7995b497f6ccb5a6002
  
Delivery method
Distributed via e-mail attachment

Comments