MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 048455f6416671249ff633c4a0525bb6bb2d6d871de7b74438247c719c2b2103. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 048455f6416671249ff633c4a0525bb6bb2d6d871de7b74438247c719c2b2103
SHA3-384 hash: 8e50b3760eb791f86227c485e1194a195da3b4d1ae0fe88aa87f3f96c6a617807dd1f5b1595da44b4249c4f74ee1c6d8
SHA1 hash: 0c11115fd32e2ad3f4b9cf514a4d088b80c61917
MD5 hash: dded910ff442d3314400dcd0e7e699ee
humanhash: fruit-maine-lake-mars
File name:Factura Marzo.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:98'304 bytes
First seen:2020-04-06 14:52:44 UTC
Last seen:2020-04-06 15:36:29 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 25fcc06c273ec57c8741620b114965cd (1 x GuLoader)
ssdeep 768:5bUtftRf4UxdhR3evOk4PmvX4OdBh9Ckt0mCIpn942KjNZ:FU574UxdX3eWNM4QBhQkLXn9lKjz
Threatray 480 similar samples on MalwareBazaar
TLSH 07A3C422B960FED5F5144EB189769FEC42F1AC34AD066A0379C83F2E3832140BB61F56
Reporter James_inthe_box
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.VBGeneric-7650635-0
Create hunting rule

Win.Malware.Generic-7650850-0
Create hunting rule

Win.Malware.Generic-7652320-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-04-06 13:07:58 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ascfl5sbmzysjh7wgpckaus3w25s23mhdxt3orbyer6hdhbleebq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
GuLoader
14c7c733c91c716447e5691a44f236a479e51f0837bb78eab4a910a95af08ccc
GuLoader
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
1e04c1e4eefe23f454553364e757209462f2561d8455628b296b1dbe83fc6ec2
GuLoader
3e5bbf9fcae918011ec4eee75ac6402fddf20d09fef95b362d0e226d56b80f1d
GuLoader
443bc33e9d28fddd4229367cde23085b8d57549093ce8e991eb4753ce58c85fe
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
dda25996ab5b78fa63ab71aa304360374fe2eb6ded670c778b2c69d9fa1f1e40
GuLoader
e781a2162de7ea85b85a82cb16bbe8bfbff33cfa368e096ee63d6108e18b0e79
GuLoader
ef8f03a25087eeab581d8439a0a19ba7148270d2210d479c1d6867fac69dc813
GuLoader
+ 470 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

GuLoader

Executable exe 048455f6416671249ff633c4a0525bb6bb2d6d871de7b74438247c719c2b2103

(this sample)

AgentTesla

Executable exe f31b8a6cadf10ee7c20d5bb1ae1c3c009a305ae7e17df33912eed70098a4bc62

  
Delivery method
Other
  
Dropping
SHA256 f31b8a6cadf10ee7c20d5bb1ae1c3c009a305ae7e17df33912eed70098a4bc62
  
Dropping
MD5 ae579e96a7ce8f77e31118d4ae0a7bff

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaErrorOverflow

Comments