MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e1ff1c16441255468cf921e8b9a455c957f73a2a433aa469349ee7a6d5e916b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e1ff1c16441255468cf921e8b9a455c957f73a2a433aa469349ee7a6d5e916b7
SHA3-384 hash: 5668af62f3cc9c3b6acffc85fc5c30ff8a9ddc8d00ed3cd3efe8fcee074dfe8e2136a1d15d15e3c652bbfcbba1ae3862
SHA1 hash: 6ac5454114995dfaaf9b2634672a9e372286b9f3
MD5 hash: 1d6846600bedacaac9dd5ce511447f77
humanhash: fruit-eleven-alpha-lamp
File name:Uncatesup2.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:86'016 bytes
First seen:2020-05-15 05:46:46 UTC
Last seen:2020-05-15 06:33:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9a20f23e6d7cb3c515ec360fd8e77a41 (1 x GuLoader)
ssdeep 768:IS8IpHdEtdm364D191lqnAfXz7tzykuKGqv3Msq/r:vpMY37D191JfD7t+kuKGqUJ
Threatray 5'623 similar samples on MalwareBazaar
TLSH D3832926B9C6D435C524C6F03F96D26A296ABC301A12CD2F78877F3E6972D32E424307
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.PonyStealer.fm0@BSRRailG.22325.29770.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-15 06:35:35 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
GuLoader
228e2e5ff30fec5cdde918f48e98664d9bf1f77f550666baa21208ca9b047af4
GuLoader
4dac6edef78dafb90df3fd12392f3476743ec38556aa72d364c913cb7f866ec3
GuLoader
52b517b0e9be1efed3349ff5b7e7e4a392881437d7bc9ccd7b94bbc23e28a2f9
GuLoader
5ea463243b051351c219469515fb9b39d01c5c3c4f4698bd6164e36070622d35
GuLoader
9caec0c38913b9f2b16161ea88489a600de3eb402192b91d09cf8b692719c4cd
GuLoader
b24a5df4c63722afbed1e3807b18fcc065008ec3431de146dbf3657dffa00893
GuLoader
c99fc7455ba8df7d54e74b20d4a3db4ef2e29bd73309119a24cc46f28122697e
GuLoader
d1e9ede488849faab5eb3e767704a4644cc79e6eaac8fe996d90fa164e68f620
GuLoader
f369e30fd81082121a647df35059bef5bec1195fb240ca1b622ebcce75a4bacb
GuLoader
+ 5'613 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-1sq68pjtva/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Word file doc 7efe4ff4cba2c9ae9f347fac667a576bd4bc73fa42a31e58a0452790275034f0

GuLoader

Executable exe e1ff1c16441255468cf921e8b9a455c957f73a2a433aa469349ee7a6d5e916b7

(this sample)

  
Dropped by
MD5 97c48f29e01c5f06b4e218ba012cdee3
  
Dropped by
SHA256 7efe4ff4cba2c9ae9f347fac667a576bd4bc73fa42a31e58a0452790275034f0
  
Delivery method
Distributed via e-mail attachment

Comments