MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 81ec16cb3ce466145ee3b020d789914f022db876c99063d95c2b62799440a9db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 81ec16cb3ce466145ee3b020d789914f022db876c99063d95c2b62799440a9db
SHA3-384 hash: eae6d1d38ffbe809edb7d7a6ad6c70d1669e948f5a66de6e513c946bc4a0f6cd8be70f64238ac58529b7ee0c7726e894
SHA1 hash: 16088464749b98afefca2cfbe0d1dcac548b2a62
MD5 hash: fafc73c85ea6abecf287944cfc8ff8fb
humanhash: bravo-pasta-alanine-skylark
File name:Payment advance.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-04-07 04:46:09 UTC
Last seen:2020-04-07 05:41:41 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 8bf11c46b2cc639d1721e81e5c9c215e (1 x GuLoader)
ssdeep 384:YFQdUicSDlrVgFDY2N00kwEuvUgkluqT3pLmWgEPJH7OiR0TvA0tTa73vm0UAA6Y:YFUN59Bhg2hcN3bRGbzpJ7D5PhEnt5q
Threatray 780 similar samples on MalwareBazaar
TLSH 9193E6A2B950FDD0F8084EB29A7ADFEC45D6FD34AD006E4765C47B6E3834081F661B46
Reporter JoulK
Tags:AgentTesla GuLoader


Avatar
Jouliok
MAIL FROM:<admins@blcontrol[.]com>

Intelligence

File Origin
# of uploads :
2
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Agensla-7650672-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-04-07 04:47:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qhwbnsz44rtbixxdwaqnpcmrj4bc3odwzgighwk4fnrhtfcavhnq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
066bdbaf5b5526cc3040573bea83da7a384e0c97df13d50a7cc0716b1dd8e6ac
GuLoader
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
GuLoader
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
5b113b08d25005c3195b8144e422bdd1a2f866fc3cf9d6bc641f006539e97e07
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c7ead8266de17cda17f2c1cf6b146c616a092f2a4d2e59cf80e2815976c5932d
GuLoader
dda25996ab5b78fa63ab71aa304360374fe2eb6ded670c778b2c69d9fa1f1e40
GuLoader
ef0116d9f61a26ad233dc3edc1990eb6c83b0398a593c65ef19f106008892eee
GuLoader
ef8f03a25087eeab581d8439a0a19ba7148270d2210d479c1d6867fac69dc813
GuLoader
f0b43b05479d8dde3603ef587da02925b703d7d5bc8332656ab9ca7f7e1554a4
GuLoader
+ 770 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 81ec16cb3ce466145ee3b020d789914f022db876c99063d95c2b62799440a9db

(this sample)

AgentTesla

Executable exe c68ca95d35436bd4f31c1c447310f00e330b8535395dcd4a6648661d7e42556c

anyrun
any.run
https://app.any.run/tasks/f3d2027f-a400-4a8c-93d5-29b274dc73f0
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c68ca95d35436bd4f31c1c447310f00e330b8535395dcd4a6648661d7e42556c
  
Dropping
MD5 dd1c2457cb64704ff27132b4a45b8e17

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments