MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1b2e0d5dd025f3af551020940f5cb7bfa79ce059f90cb62bafc0c8490f197bc7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1b2e0d5dd025f3af551020940f5cb7bfa79ce059f90cb62bafc0c8490f197bc7
SHA3-384 hash: 3a5d8f34c5507c31996ef98943b9d7398357cc1da278903b0c58ba4da933f321cb165a88b28932bc738b63a61a6212e2
SHA1 hash: b415569923cd92f89530a19ca55976f0313d1414
MD5 hash: 428626b72b1727f0cefd5cf187f66db3
humanhash: social-oxygen-vegan-fillet
File name:Factura Marzo.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:147'456 bytes
First seen:2020-03-26 13:05:46 UTC
Last seen:2020-03-26 14:30:52 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash fab8eff72802f0007d8dcc5678ef4346 (1 x GuLoader)
ssdeep 1536:tUb2DGT1FB8+VVXRM0FZI/3yPlbezzWVx+VEI7Cm4:tSS+VVXRMWZI/YbezzWVto4
Threatray 1'900 similar samples on MalwareBazaar
TLSH DBE35B33BFC0C940EC128A700C9B86A5CD66BC205D565BC7F3517F0E6C7AA5BDEA4296
Reporter James_inthe_box
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Packed.Vebzenpak-7649836-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-03-26 11:19:01 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 30 (83.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=dmxa2xoqexz26viqecka6xfxx6tzzycz7eglmk5pydeesdyzppdq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0c4c71e85ab589b9931f6ba87a00ac43d29ddc2907857c7226181fb56e4e278a
GuLoader
23245166f5cc80f533d3b50ac54e614aa646a5547ae956b9a8957113b446d42c
GuLoader
50d487621decc715e2b3e349679aba07ecb93d3ee55a3605ec0606d11a05dcd2
GuLoader
8d88c99ff33ecbed42e4185b925f890a616aa0307a559d61595ab67dae6a1a09
GuLoader
aee6f41ba3393811f2980cec1714785039dd6cfcc629b81479fc376f635868c7
GuLoader
bed06510d878aedc81671ebf83fb2dd246f88de58514124d166e0831b4d9c4d0
GuLoader
c7c2e3e6dc40ec793635b6f18e44223d8cbf9fb621ee0d5b374b709510fe2d9a
GuLoader
c884dcf4fa00359eeb51ead67cd41d9a68b71f09e3588f03456244eddaa36fa0
GuLoader
d30f4ed99917a14353e7c981b527597931c9d7440e55173bb44dd6ac6317da95
GuLoader
e0d0b8ce88eb76ca3cb8339d7f49d2d198b2a51b43949b4ddd23a40889cafcc9
GuLoader
+ 1'890 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

GuLoader

Executable exe 1b2e0d5dd025f3af551020940f5cb7bfa79ce059f90cb62bafc0c8490f197bc7

(this sample)

AgentTesla

Executable exe 4667578c74184250d5ea1ee15fa4f23e8e36ec0f34941c3695b939002ca3c7c2

  
Delivery method
Other
  
Dropping
SHA256 4667578c74184250d5ea1ee15fa4f23e8e36ec0f34941c3695b939002ca3c7c2
  
Dropping
SHA256 4667578c74184250d5ea1ee15fa4f23e8e36ec0f34941c3695b939002ca3c7c2
  
Dropping
SHA256 4667578c74184250d5ea1ee15fa4f23e8e36ec0f34941c3695b939002ca3c7c2
  
Dropping
MD5 f07e92440904746e5b5e1a749add8406

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments