MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0512c8c515096734e33d52d39d554b683466183859b968f3c3fc525be6acd69e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 5



SHA256 hash: 0512c8c515096734e33d52d39d554b683466183859b968f3c3fc525be6acd69e
SHA3-384 hash: 98447852b180901a072591c9513eb1c3a368e818198a22c61027dde056629d9d057605183babef3739ff957e7f0e3d82
SHA1 hash: d42ea0954d9bf83a12a85ad01543a157099de63c
MD5 hash: bfe4aabcee56d9ea66622617e6a5fe4b
humanhash: golf-purple-arkansas-don
File name: grn.exe_
Signature: GuLoader
File size: 122'880 bytes
First seen: 2020-03-18 13:34:18 UTC
Last seen: 2020-03-18 16:01:02 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: b2424c2d841534bf72c3d6f31827a81c (1 x GuLoader)
ssdeep: 1536:wbzdIV2eDCsbvzlJAF4aSeH6iRNKipxXJT4r4580MFO/1aqY990:EZemaIF5OSzTHDME//Y990
Threatray: 502 similar samples on MalwareBazaar
TLSH: EEC37D43FB50D967D1198E3EAC46D292051BBC6A79D2DA4B39C87B1E78F40A1CF2DB10
Reporter: oppimaniac
Tags: exe GuLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 98
Origin country: n/a
Vendor Threat Intelligence
Gathering data
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-03-18 14:54:09 UTC
AV detection: 24 of 31 (77.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 0512c8c515096734e33d52d39d554b683466183859b968f3c3fc525be6acd69e (this sample)

Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews

ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::EVENT_SINK_AddRef
