MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d144278763b938fcfdd840307f1e69f58461919b72c5c87a1c9738e76285f423. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	d144278763b938fcfdd840307f1e69f58461919b72c5c87a1c9738e76285f423
SHA3-384 hash:	920f65581decaaf455752babdcb2f3b512cf496b0091622afc9ed088b2d3f892f3b2aaa7210fd9efc8832bcc617ba4f0
SHA1 hash:	172ec616a974d5fb6375e9c82659a44ffe71553d
MD5 hash:	cfa8b75ab3dfbfe3a39af712b86c2a8f
humanhash:	comet-oscar-vegan-indigo
File name:	TNT Original Invoice.scr
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	90'112 bytes
First seen:	2020-05-22 05:17:47 UTC
Last seen:	2020-05-22 05:41:15 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	692034f50b260c2b69cec92d67250a1e (1 x GuLoader)
ssdeep	768:3fmyyUaRuhFHR/i2fLEZcW/r8iM6q2OMM+8Dz3N8BrU3gNi90H:3uxaFHxiq4ZccrxM7hMlXjE9c
Threatray	273 similar samples on MalwareBazaar
TLSH	6F933B15F4A4CD61C9504EF38E65EAE016AFFC715F264A0FB088376CAD72A51AE2037D
Reporter	jarumlus
Tags:	GuLoader

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.PWS.Siggen2.49201.24592.24271.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Rdn

Status:

Malicious

First seen:

2020-05-22 05:35:56 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

25 of 31 (80.65%)

Threat level:

2/5

Verdict:

malicious

Label(s):

guloader

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-2vv562zba2/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks QEMU agent state file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

ace 2fb5db45c746ad9462231b0c5a73156833c77a8c2241445daf224b8caac2da4a

GuLoader

exe d144278763b938fcfdd840307f1e69f58461919b72c5c87a1c9738e76285f423

(this sample)

Dropped by

MD5 d27e01280e330f5cf8b012828adc64be

Dropped by

SHA256 2fb5db45c746ad9462231b0c5a73156833c77a8c2241445daf224b8caac2da4a

Delivery method

Distributed via e-mail attachment

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample