MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b289e7a3e27dfee54ea6a2610a3cc690b96d7dafec31756401349935e3d83202. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b289e7a3e27dfee54ea6a2610a3cc690b96d7dafec31756401349935e3d83202
SHA3-384 hash: 1c92499cecb16ea867f867e88f671de172c67787b349908f07b3190c5a41d1006b19d6a388725e2aa67db3ed459dae00
SHA1 hash: 1cfd4feba55a8b711b196d3a89a0b1a77008999e
MD5 hash: fde570cf5b0cd15dd515c97db2574300
humanhash: xray-football-skylark-montana
File name:COVID-19 Solution by W.H.O_17-03-2020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:73'728 bytes
First seen:2020-03-17 15:23:18 UTC
Last seen:2020-03-23 21:49:00 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d632955142d90fa5b453ec5381386ce3 (1 x GuLoader)
ssdeep 1536:VczJ/Ma8vFSGlw88Mq2It2up8q8vFSGlwUM/:VuxMeKPAF1KNM
Threatray 1'088 similar samples on MalwareBazaar
TLSH 0A737C44ABA4941AE121BF385061433E5B9EE131DE65EB4EF416F2CE7B7A2203F1A15C
Reporter cocaman
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.33552494.3156.31069.UNOFFICIAL
Create hunting rule

Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/333401
Behaviour
Behavior Graph:
n/a
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-03-17 22:16:36 UTC
File Type:
PE (Exe)
Extracted files:
16
AV detection:
24 of 28 (85.71%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wke6pi7cpx7oktvgujqqupggsc4w27np5qyxkzabgsmtly6ygiba._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0fc76f1453db81e8fa50b7e685827e0f5126c25c91de2a25552af3273bb407e9
GuLoader
13c555d2bc29bc384b7c496c0aefadfbe38d7b415e11c43bdbcfdf702062d1f3
GuLoader
1dce14c664bb75e2552cafda4d35fa2f5ad0005ee0013adf4b673cd0688aa443
GuLoader
50a4a0067a0756996b12da1316f2574a16316d050b675114c8ae60c35e99cf5b
GuLoader
70d577aba943b783ec606abcfa912bf97c9fd4f22d5e46ff1d718d350a8e4fcc
GuLoader
9bebd6b8400a02ec36958c8cf06d3abc659b462d482fca3df8a3a64e42b3e234
GuLoader
ddf6f04276c1d976e62e199e6c928fb7a3d7aaec455a1859f8d8f605c89ffc64
GuLoader
ea816a801d2882a3da04ae2b9ac3e20e0959a95d18dfb17c55bb786b3ba2c743
GuLoader
efa7f245a35c85568d26690f149f992e77c007fa1fbb7c2f4f050cea7fcca930
GuLoader
f1ba59863abc7d03f67577aa4b75ab121608c76433981f394651f2b327914e9c
GuLoader
+ 1'078 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b289e7a3e27dfee54ea6a2610a3cc690b96d7dafec31756401349935e3d83202

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 106c696661843eecc63c0fb98ddb77402172b50c7b33be3a59984531ce6a9b64

GuLoader

Executable exe b289e7a3e27dfee54ea6a2610a3cc690b96d7dafec31756401349935e3d83202

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 106c696661843eecc63c0fb98ddb77402172b50c7b33be3a59984531ce6a9b64
anyrun
any.run
https://app.any.run/tasks/d41ac00e-5185-4f26-8275-027e73600d09

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments