MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1bbfe8a6da9f2617bb13d2b72d2d351fbcce3706012b0945b8ee4b2f72a0ff24. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1bbfe8a6da9f2617bb13d2b72d2d351fbcce3706012b0945b8ee4b2f72a0ff24
SHA3-384 hash: 7bbb4932999b2cd2cfe9dc6f2f8222b241374831087cdfee32ce6bf06705415d14c91343b3ef0a91bee6160acf6723ab
SHA1 hash: 01b442ee699a1d3c9c26ec11524038cb2db46310
MD5 hash: 39982b54577e70914868517a9ef17708
humanhash: north-uniform-charlie-eight
File name:friendz@customer.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-04-28 04:46:28 UTC
Last seen:2020-04-28 05:59:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f0363dd0e5b47ba908be3039758213f6 (1 x GuLoader)
ssdeep 768:zJ7wSwLREQX4ErB3OR7XIAb5O4toEmWHUaJOY0:BwLAErB3OVjb5O4EwUaMX
Threatray 182 similar samples on MalwareBazaar
TLSH A6733A52F6D4D5BAC10D8BB02F55E2D50186BC705A21CE47B09C3F6FAE3CE09A950AE7
Reporter JoulK
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
96
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Packed.Ursu-7709440-0
Create hunting rule

Win.Dropper.Vebzenpak-7723867-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-28 05:35:52 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=do76rjw2t4tbpoyt2k3s2ljvd66m4nygaevqsrny5zfs64va74sa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0e11032c40b88ae18b88c56392c3e7468971f9c0d19a422c1d626bed2133219e
GuLoader
0eecb6cf7b7bdd0f9b278d0b6341764ac7145e443fd0fe37dcbb222fe088609b
GuLoader
1a9bbebde954b27cbf6006128e1a22bdfa81d4ea853ba99bab4ec3333ea0bb89
GuLoader
38e63f753d4e98ab73e15c78e5ee4f547d6bcd314dde9894c1ed37957942c513
GuLoader
9a8b757fa40f9f6ee20d070db2801a48b9f7129ca385d6b52bb754cc8b72920b
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c6b664ffd10c03d085b36bd57b72467b6508ba736e9c8d77182e0d1518b91295
GuLoader
e571cd3a4c0744cb3c5443b868577adced331a7545fcb6e2ed0efbe7506a2f9b
GuLoader
ed33a55395aa0b7061266a9c61b87fdecfb3fd0605ac1ca342751f9deaf25930
GuLoader
fb01851fc2be012833865bd37f81fa98f6a27131bb660e5b01c5eedb8070ceab
GuLoader
+ 172 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 1bbfe8a6da9f2617bb13d2b72d2d351fbcce3706012b0945b8ee4b2f72a0ff24

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/353039/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments