MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1c27f57ddb7c5ccbf08702936e1c53d064e6eb2083ed5fd95b210443a6d7ecbe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1c27f57ddb7c5ccbf08702936e1c53d064e6eb2083ed5fd95b210443a6d7ecbe
SHA3-384 hash: 269a470ba1495fd7f5917875fbdef3fbef92d5e14d17ec875bd879b9f50e0a2c50c8c0a4e280f5a5fd0d0b9bf73b0d92
SHA1 hash: 9a4cf1caf2bd6082883c24f6e4d6b98fffed71f0
MD5 hash: 950483bcaff55045d695761e386cb514
humanhash: march-blossom-october-california
File name:SecuriteInfo.com.Trojan.Siggen9.24314.5517.27814
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-03-23 21:08:18 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 6260d1cac203e13f2bb79bb86ea885ae (1 x GuLoader)
ssdeep 768:CJU2kXoiG+FKmcVbsTG4YVIUnDD+hXWymk9naBTAz+T/NazbG+SMnhru8sV:C7diGIKDVb6pS20k9aBTrNa3TNurV
Threatray 928 similar samples on MalwareBazaar
TLSH 9C836C02FE40E565C45C8B7D6C56C690151BBCA92982C6AB37D4FF0FE8F01628F1AB6D
Reporter SecuriteInfoCom
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Generic-7639438-0
Create hunting rule

Win.Malware.Generic-7639551-0
Create hunting rule

Win.Dropper.Ponystealer-7639609-0
Create hunting rule

Win.Trojan.Vebzenpak-7639767-0
Create hunting rule

Win.Trojan.Vebzenpak-7640209-0
Create hunting rule

Win.Trojan.Vebzenpak-7699953-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-03-22 23:13:22 UTC
AV detection:
25 of 30 (83.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=dqt7k7o3promx4ehakjw4hct2bson2zaqpwv7wk3eecehjwx5s7a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
GuLoader
1267b822cde1edabfc063458232a5ed9ea03652416de96b8d12ecb1058c86e23
GuLoader
65ec71a21b121cb6b5ad5c16425f217589eac46a8879aad3a8f04f5e5b2d872e
GuLoader
6d043b33b33e6baaf7514b9ca56f8dbd8aa57bc71a9040bf438bc780c1a4ad5f
GuLoader
748970d868ca12ef96a98cad33b9f3c7bf7ab20ce2e595d4fdaab152e50b29c8
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
cc32eb0fb5c35376f69a3d6b81fdb339309d06d80a2cffa2604e21012ac33c18
GuLoader
ccf1e6416673f50f016cfa1658e9dd29793195b9bc701fedc1218d122faeb6b2
GuLoader
d87c6077423627f449ad0706b6aae722a75b8cb2bd8f977b01b2ee5d6333b069
GuLoader
f3418e9ec01f4116a2ae079c709ee3c20455d66861951751474dbeb49ab75c26
GuLoader
+ 918 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 1c27f57ddb7c5ccbf08702936e1c53d064e6eb2083ed5fd95b210443a6d7ecbe

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/328936/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments