MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f8a6d117bfaaeaf97082bdab997196ebc517e34c45eda9b687c19923feeefdd6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4


SHA256 hash: f8a6d117bfaaeaf97082bdab997196ebc517e34c45eda9b687c19923feeefdd6
SHA3-384 hash: 68e9e7e7277e10a65e337655a8755a87d2edb04b831504b52000d2802480d440d08bf1073219f724027919e262d5ab78
SHA1 hash: 28f3bcda42127e0228e7ff22c0005c9282907a59
MD5 hash: 80f922a4bb6313d24335e298e9b03a82
humanhash: north-kilo-skylark-sink
File name: Purchase Order Ref AIGNEP180520.PDF.exe
Signature: GuLoader
File size: 180'224 bytes
First seen: 2020-05-18 05:59:14 UTC
Last seen: 2020-05-18 07:11:46 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 1dcd3818367b41b8ea50338d60911bc4 (1 x GuLoader)
ssdeep: 1536:PwuGPbgtVa5AGpsXdmk/bcQFVIt7LlztGy8UX05EzA5HaeDdgCSaiUK+gJWCLq9A:PwuUbW2Aptj/y522MEzA5HaRUiXJWCJ
Threatray: 742 similar samples on MalwareBazaar
TLSH: B1046C21FAC5AA03DA21483EDBD1C5B885667CB01E52CD07B1453F9F3AF6912A672327
Reporter: cocaman
Tags: exe GuLoader

Intelligence

File Origin
# of uploads: 3
# of downloads: 85
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Grp
Status: Malicious
First seen: 2020-05-18 01:19:59 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 18 of 31 (58.06%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a

Behaviour
- Suspicious use of SetWindowsHookEx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks QEMU agent state file

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
  Executable exe f8a6d117bfaaeaf97082bdab997196ebc517e34c45eda9b687c19923feeefdd6 (this sample)

Delivery method: Other
