MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 085723cd3bf42b5f4cba4d975389d6f088c22cc696f4f0771251a3a1afaedc53. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

SHA256 hash: 085723cd3bf42b5f4cba4d975389d6f088c22cc696f4f0771251a3a1afaedc53
SHA3-384 hash: dcccce0b4c4394060e55d97473230f45b680c993ae78ab5dd977192c828230a4c507e3f59f365c28845dc5c4b9f3257d
SHA1 hash: ff6b2c83e25e2a7a7ecb7cba1168d491aaecb109
MD5 hash: af06a4445a4d0b4691eb8124d021ce25
humanhash: artist-spaghetti-finch-south
File name: Supplier-Face Mask Forehead Thermometer.pdf.exe
Signature: GuLoader
File size: 139'264 bytes
First seen: 2020-03-25 16:01:22 UTC
Last seen: 2020-03-25 17:52:30 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: ca7b5563653efb0045943a75518e6143 (1 x GuLoader)
ssdeep: 1536:tYTU6hYhgebNojQNtdJkNWejJ36bj1cDTV6LT71wJvBeykShptMMJZE:tY9KohrTcD10eyL3MMJW
Threatray: 1'518 similar samples on MalwareBazaar
TLSH: C3D37C23F9A2C598E85A9F741CA68FB81612BD610DD50A4F7C0DBF3C38F618716B0B65
Reporter: cocaman
Tags: COVID-19 exe GuLoader

Intelligence

File Origin
# of uploads: 2
# of downloads: 102
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-03-25 18:43:00 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 25 of 30 (83.33%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
Executable exe 085723cd3bf42b5f4cba4d975389d6f088c22cc696f4f0771251a3a1afaedc53 (this sample)

BLint

The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::__vbaObjSetAddref, MSVBVM60.DLL::EVENT_SINK_AddRef, MSVBVM60.DLL::__vbaLateMemCallLd

Comments

commented on 2020-03-25 16:43:21 UTC

GuLoader payload delivery:
https://urlhaus.abuse.ch/url/329791/