MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 150b2b068639c918e134e69b557f929dea81cf3a6d563aba39640227bdd029d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 150b2b068639c918e134e69b557f929dea81cf3a6d563aba39640227bdd029d3
SHA3-384 hash: 7d67a3bc574d07173a24a21a531a35f9e52157a5ea7efd8d38485243774cf62ed362e3fc644c4dab6cf8248cd9c58251
SHA1 hash: 5f19984ffa7cb392a591bc33142490803d96d32b
MD5 hash: b206105fd8ababd45307a8cde98642b8
humanhash: high-mississippi-charlie-violet
File name:SecuriteInfo.com.Generik.KKVVLEC.26663
Download: download sample
Signature GuLoader
Create hunting rule
File size:53'248 bytes
First seen:2020-04-15 01:52:27 UTC
Last seen:2020-04-15 02:34:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e7c22424157ee6d2c0f45afae67bf3ca (1 x GuLoader)
ssdeep 384:RjF1HcYF0gxwDlIUAac6eQTL+ZKVKb7k+UWOxlP/GboWPYklnBPp:Rj7HcYFmAac1QGp7k+CxlPeJYkLP
Threatray 249 similar samples on MalwareBazaar
TLSH 1233B502F271CE40DD9C06B4086D469092AB7C71E796CF52FB62761D1FBEEA1CE63216
Reporter SecuriteInfoCom
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.NetWire-7667979-0
Create hunting rule

Win.Dropper.NetWire-7668053-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-15 00:14:46 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=cufswbughherryju42nvk74stxvidtz2nvldvorzmqbcppoqfhjq._file
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
guloader
Create hunting rule
Similar samples:
0b579b5234465e825338a97b93d6ffbb2733bd7b9a1a3f4c3ed5f7c410d76658
GuLoader
0c017b57d7f1cbfa01f54deb15b7f04b8923acd4585435050589b1762856247e
GuLoader
2ffdb2643512eaa27e65319a8905fccb924c39ff91b4c14787f7d5663edf413d
GuLoader
3143a2e5e36fe24663503f10167be4919d67ee9095b38862df0d898ee233ec5e
GuLoader
318feaa23aaf7ef64618bd49846973791db210e5714fd4440a8b186409207810
GuLoader
55eb95f1ad05a1a1acff7b2b727e30d4045e9eab88cee2ab7cedb7db0c1b434a
GuLoader
5d87517a56440374b259a78c6f271de278c89b03016fe307e5a85121b054f42d
GuLoader
98169e4e5b83666832b2cfbe23861caf950ffa48cc3365d906d782be0f0b2016
GuLoader
987305f6f29e3081b7ba4bb1b424a12cf25509749a9936d321d93ed0168b5279
GuLoader
c615feef9580a0c5da27cffe236ad0ad2b86c511a51e92b782f8a4f58b617085
GuLoader
+ 239 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 150b2b068639c918e134e69b557f929dea81cf3a6d563aba39640227bdd029d3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/340505/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments