MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b9e80d2e7af4a98e04149a178f065f16e08f1c8807d01a0c8e6fe694bc8bf53d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

SHA256 hash: b9e80d2e7af4a98e04149a178f065f16e08f1c8807d01a0c8e6fe694bc8bf53d
SHA3-384 hash: 251307f3458638a69c27d2e4e592403d4fbdd0493936e735d39a58367f5587a9352118ac8b0e71ffb31d8f86bbd91329
SHA1 hash: 917cd7657300fe1f88f5a0f9fb4df5cfc2c6597f
MD5 hash: 765318a6d4efc514371b3685fd5e4de0
humanhash: tennessee-high-edward-juliet
File name: SLEEPINGP.exe
Signature: GuLoader
File size: 86'016 bytes
First seen: 2020-05-01 10:28:13 UTC
Last seen: 2020-05-01 13:50:20 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 343bf677bd95b65b8c7e66eb1d05de63 (2 x GuLoader)
ssdeep: 768:QF8wCW+osGo8ux/GEseB2jg9hJL52RH4h+Ccv4c5vlyA2:q8wCW+oRU1nYjkL52Q+C1c0
Threatray: 114 similar samples on MalwareBazaar
TLSH: 0683092AFA94E272D60586F55E6AA3D41069FD3559058E07FE887F3F7932E13E50030B
Reporter: JoulK
Tags: AgentTesla exe GuLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 92
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-01 10:35:55 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 24 of 30 (80.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download -> GuLoader -> Executable exe b9e80d2e7af4a98e04149a178f065f16e08f1c8807d01a0c8e6fe694bc8bf53d (this sample)

Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID                   Title                                                        Severity
CHECK_AUTHENTICODE   Missing Authenticode                                         high
CHECK_NX             Missing Non-Executable Memory Protection                     critical
CHECK_PIE            Missing Position-Independent Executable (PIE) Protection     high

Reviews
ID        Capabilities                     Evidence
VB_API    Legacy Visual Basic API used     MSVBVM60.DLL::EVENT_SINK_AddRef

Comments