MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 102dbd5d5de121477014551296d34f353cf7ba356428450216960843c459b58d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 102dbd5d5de121477014551296d34f353cf7ba356428450216960843c459b58d
SHA3-384 hash: b5a535caa204fae514b61c4e70fa71e9ab71fd4477bfbfe0b44fe46857ac6357b297791ca87f07c0186d73a820352ee2
SHA1 hash: 492b4c942124170c81e1699bbe84e454f389bdab
MD5 hash: 9896fc3a63bf29a3e6e9efb8297b9a8c
humanhash: april-burger-freddie-jupiter
File name: Tuberculin.txt
Signature: GuLoader
File size: 81'920 bytes
First seen: 2020-03-23 07:57:13 UTC
Last seen: 2020-03-23 09:37:14 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f77d9a5f835df5a15cd7ae12290228c9 (1 x GuLoader)
ssdeep: 768:CVmYglc4nFF50bA2LTxLtfBl4cQ3NQn38mRSmbQFfCzNz/l1qMnR3+V:CVm1lhFrOA2fP4cQ3NsRSK9zNTLR3+V
Threatray: 851 similar samples on MalwareBazaar
TLSH: 98837C27F740E925C89DCB3E6C07C7D115237C646A91DA5B36C4BB0F6CF1062AE19B98
Reporter: cocaman
Tags: GuLoader txt

Intelligence


File Origin
# of uploads: 2
# of downloads: 114
Origin country: n/a
Vendor Threat Intelligence
Gathering data
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-03-23 09:28:54 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 26 of 31 (83.87%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 102dbd5d5de121477014551296d34f353cf7ba356428450216960843c459b58d (this sample)

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::EVENT_SINK_AddRef

Comments