MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 06c39fdd95aed534806896a460c1cd568259e7b786b20abd7e923c4d1d4d8511. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 06c39fdd95aed534806896a460c1cd568259e7b786b20abd7e923c4d1d4d8511
SHA3-384 hash: b3da8cdc361f29dc20c5a0ba4e9f13906ec7a2694f5868016f9df8a9b2a3ee7776a5aadc20b992cf7834bee22e391a69
SHA1 hash: 1823edd802ae0f067e35bd602f2a079d224e8193
MD5 hash: 24ed591141cad592ab6e0767f7219c0f
humanhash: high-timing-arizona-happy
File name:purchase order.bat
Download: download sample
Signature GuLoader
Create hunting rule
File size:221'184 bytes
First seen:2020-04-21 11:52:56 UTC
Last seen:2020-04-21 12:59:00 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 3727c6bfb1db88d7b8242e9fe65b3762 (1 x GuLoader)
ssdeep 1536:m0qBYiwe2FUfvxxJo8gqdfasA8TN1wYt1fSlG7wb0521qBUy9jMbx3IpuJ9Q5:mfBYiwe3/Hg4bPFTSowxEOyebKcJu
Threatray 669 similar samples on MalwareBazaar
TLSH AE24D642ADB89427C71846316EE6E7FAC34D3DD0E9E1C90F20907B1BAF3364A556612F
Reporter jarumlus
Tags:AgentTesla GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Agensla-7687280-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-04-21 11:11:27 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=a3bz7xmvv3ktjadis2sgbqonk2bftz5xq2zavpl6si6e2hknquiq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
09838078bc786269db65986e324234d647ff0154b07565e59bdf34f5f72d650d
GuLoader
1f93e9ec506b2df6670b01905f5c42e05d7c2b4dbf44e37d82ee8050528d961d
GuLoader
2514cc0d95a79227b308e5834eb780ba105109fcc7fc02fc11ef3a03e61cac46
GuLoader
5f845094f591cc548f669c31a1cbd8466bfe37bdd890d12e535afd73242d58a7
GuLoader
67aa5b86db90b286266d57324824825453a9db72b15414ee064dbf01085d00b4
GuLoader
8f6c9e3fe48707ed0446a2c90af1d3f6b10aab25b7cb60e78dda89f25b689cd3
GuLoader
9e56b9c890057c4adac0a54f64720736438dcc1ba3cce009c7b510fea603f2e1
GuLoader
a1e8840b05e211a9aa314ac0d4359068094bd9016c77b43591bc543b37e7022d
GuLoader
c2fdcd6737639defbb98a8cb6d0799f59644599d77b0d8bb231a64dfba2a26db
GuLoader
c410f181985c48a013609ed25c046f7e87782ee807e2b8bd0199788a461eec90
GuLoader
+ 659 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments