MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8560db7181c690430d6f38f8b3675e881dcba44904fac74f15a0df136dfa8251. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8560db7181c690430d6f38f8b3675e881dcba44904fac74f15a0df136dfa8251
SHA3-384 hash: 24b05aa08e4b4120aeef3f7706a9d188e6f10342b877fadb5660d88e7149c68b80c8efad380772a80e12ec8d81cff616
SHA1 hash: 7af8cff4a51df7f8fbbd9085cfb25c0ba6d865db
MD5 hash: 4bfecd380504ee73797516879522567b
humanhash: tennessee-nuts-fourteen-eleven
File name:QUOTE 002242020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:221'184 bytes
First seen:2020-04-27 18:38:29 UTC
Last seen:2020-04-28 07:07:20 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2baeef676db9ff3b9ec8d8de3a7daa12 (1 x GuLoader)
ssdeep 1536:3RbrE4jwx+jcJKI8WQ78tI78b/89dY7dKl6n9sYG1ARzgMzfVzhjMbx3/3Yjcz:VVjYUnWHiIbpEl69s5Glr4bBocz
Threatray 592 similar samples on MalwareBazaar
TLSH C424F7866D74A463C70846316EEAE7BAC2083DD1E9E5C94F2080372EAF3375A557253F
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
3
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Hosts.47502.7076.14111.UNOFFICIAL
Create hunting rule

Win.Dropper.Agensla-7727855-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-04-21 11:50:02 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qvqnw4mby2iegdlphd4lgz26rao4xjcjat5motyvudprg3p2qjiq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
396c67d17bdba56c29d4774991879313c236e9db5b9e1173f322d1bd3194edd1
GuLoader
5c8de7c3ff4d9ad542fe30c13e84cfe205122faefb6427cf7323298eb47ab0d3
GuLoader
6cfa6754f2c32d3856972eceda81e57c0a274c80419482b6fe3910966b67a114
GuLoader
85b3b12892570a08fc7c60ad0f4788fb3a4a8d6a9b1cfdf79495b0586cc513d1
GuLoader
8f6c9e3fe48707ed0446a2c90af1d3f6b10aab25b7cb60e78dda89f25b689cd3
GuLoader
9b77dffb83a26f126a334f4dd9de9c8a21802a1b05de3067584ebfa25826f9fa
GuLoader
a40a5e625d55583bfeb7d9ef900686a29dc3c6f580ca1615af7a2ad29f02761a
GuLoader
aee6f41ba3393811f2980cec1714785039dd6cfcc629b81479fc376f635868c7
GuLoader
bc7839a9de72c7c7640d259622d1e1b0ed7ebb326a9db7fe45a6ac5abd380aeb
GuLoader
c882cc422e4039600b31e53e369f05b29dc9dd38cab76facef8a42adc8d326b3
GuLoader
+ 582 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments