MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e138e193f238741fd16716931cf287fbd71a927fa24dae8ec5eb46dca09f68f3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e138e193f238741fd16716931cf287fbd71a927fa24dae8ec5eb46dca09f68f3
SHA3-384 hash: f9b2a935f6fee350c513d1af85bb0d1e6d2634c36dfdfc4be19cbbdbd28b45e73847bf78b8207dfd0fc8d43e4b6ba0c4
SHA1 hash: b34a99f0e9cef55bc1683dd6005e619618868f94
MD5 hash: 5fd581753a9e266fd3c09f822fe78d8f
humanhash: artist-october-violet-bacon
File name:TNT Original Invoice.scr
Download: download sample
Signature GuLoader
Create hunting rule
File size:126'976 bytes
First seen:2020-06-04 15:34:29 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 46fc9dd82badb4b627c6d235eae705cc (1 x GuLoader)
ssdeep 1536:28rcnME0lTuDynU0NqpE76jHHwdh3w+GNr/3PEW5vRwChkuhgur6Klkz3qcs8t:2MfEcuDynFmjHotk3PV55hkXuefHFt
Threatray 922 similar samples on MalwareBazaar
TLSH 2FC38B17AD4DC342E4110AF13C238EAC3A276B1D9D815E6F2046AEDFED7535168EA21F
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV2
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6589/
Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 15:35:52 UTC
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4e4ode7shb2b7ulhc2jrz4uh7plrvet7ujg25dwf5ndnzie7ndzq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
093e7cd7215e4c58cde245f8febd7ae91c79e3d01786e8166b6627536415dad2
GuLoader
0a48a4027eb05b188d2cdb83f220a3160c9b5c9006df53306bbf5e4ad9ec55c2
GuLoader
1c3b6c661cd142c98ccc346a878878141b33361c7db6176c5bedfea72e1a59e3
GuLoader
474cad642b1cf88f8d7f922cbfd9b8a00d7fc0eb40cafc0877007ee2884f105f
GuLoader
4b4c8b74b632893033dfa8d4099db76155f6941ab5a63ba7c5a680168ad73b1b
GuLoader
58faef99e4fcfd4f1b48907d4dcc145c0aa1013e43d938abd7a164ff46104975
GuLoader
639c28cc97accffb8a92a13ad5056da2a739421ef4965e768fa57356a6685d19
GuLoader
7d90dd1c7420b9b1300ffc653c2465fa6c602f664b2cd0fdf1644a5cdef4954a
GuLoader
9b8fee4a096749fce4ec76b215122c14077c6beb995a05306ebd88d404192574
GuLoader
e13acda03eb4829793beb5c0664d5752663b7ef5ae72b63724e7eaf189a9fec4
GuLoader
+ 912 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-8esyfs2zz6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

ace af69862f44d89836178d68c37024021a751b3a52b3a58b6faaf0711b7328a964

GuLoader

Executable exe e138e193f238741fd16716931cf287fbd71a927fa24dae8ec5eb46dca09f68f3

(this sample)

  
Dropped by
MD5 f15ae02461fe594b65ab7c05d727fbea
  
Dropped by
SHA256 af69862f44d89836178d68c37024021a751b3a52b3a58b6faaf0711b7328a964
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6589/

Comments