MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9b77dffb83a26f126a334f4dd9de9c8a21802a1b05de3067584ebfa25826f9fa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9b77dffb83a26f126a334f4dd9de9c8a21802a1b05de3067584ebfa25826f9fa
SHA3-384 hash: c4a321eb3a7b55d6dd9ea55ec1723b7dbddb4c05a5139790a9bd8747e5bf66a8481aebeeeb8298b7443080e2dc995295
SHA1 hash: f2f78d58f66d0073a2b0b033322c87deb87a8d02
MD5 hash: f10e479f1e813a4589f39797cfc745c3
humanhash: mountain-florida-burger-lamp
File name:SWIFT COPY-pdf-###.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:212'992 bytes
First seen:2020-04-22 11:35:40 UTC
Last seen:2020-04-22 13:10:38 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 66ffa5f4a678f00e32aa02e947e42db6 (1 x GuLoader)
ssdeep 3072:gBqyaMBqoczII2Kd4M+egvOX7uFCLhwbm8a0:gBqya8MIIf7tLKbB
Threatray 562 similar samples on MalwareBazaar
TLSH A524F7427A74E863D72006716FEADBB9C3183DE0D9E1C60F2050776EAE326C6656253F
Reporter abuse_ch
Tags:COVID-19 exe GuLoader


Avatar
abuse_ch
COVID-19 themed malspam:

HELO: smtp96.iad3a.emailsrvr.com
Sending IP: 173.203.187.96
From: acc@ptasco.co.id
Subject: FW: Re: Re: PAYMENT DETAILS for Covid 19 stimulus deposit
Attachment: SWIFT COPY-img.-.rar (contains "SWIFT COPY-pdf-###.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Agent.EPPI.15292.26976.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-22 12:35:31 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tn35764dujxre2rtj5g5txu4riqyakq3axpdaz2yj272ewbg7h5a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
3827270781e1757ffa4f6c953bba112cdd1afd673e26f639023bcaeb1cae94a0
GuLoader
39e6a374774392541d763a447932461156263e643508c7958416023115d3ff61
GuLoader
40950dcb88e56bcea0e542f297d60fe5a96d410473ec3fe51e9234b40304d329
GuLoader
5c8de7c3ff4d9ad542fe30c13e84cfe205122faefb6427cf7323298eb47ab0d3
GuLoader
818a7b0f2761340c423a9feabe5aae7fbf96129316ae4b0a11357cbaed344bbf
GuLoader
8560db7181c690430d6f38f8b3675e881dcba44904fac74f15a0df136dfa8251
GuLoader
85b3b12892570a08fc7c60ad0f4788fb3a4a8d6a9b1cfdf79495b0586cc513d1
GuLoader
8f6c9e3fe48707ed0446a2c90af1d3f6b10aab25b7cb60e78dda89f25b689cd3
GuLoader
bc7839a9de72c7c7640d259622d1e1b0ed7ebb326a9db7fe45a6ac5abd380aeb
GuLoader
c882cc422e4039600b31e53e369f05b29dc9dd38cab76facef8a42adc8d326b3
GuLoader
+ 552 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar e821bbeb63229436ef52508c26ce75706ca8cb7c22f4a0dcc3d372c483bb7b64

GuLoader

Executable exe 9b77dffb83a26f126a334f4dd9de9c8a21802a1b05de3067584ebfa25826f9fa

(this sample)

  
Dropped by
MD5 9e6c092ab980dac386537d64218818a3
  
Dropped by
SHA256 e821bbeb63229436ef52508c26ce75706ca8cb7c22f4a0dcc3d372c483bb7b64
  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments