MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 27d318fe5d1d8f02c39b6b82690e4be83eeb3f357618cbabd7d808a23924b277. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 27d318fe5d1d8f02c39b6b82690e4be83eeb3f357618cbabd7d808a23924b277
SHA3-384 hash: 085d7d9567df718262ee3eee252b016c39b87d547f602f50c57725d90cf6601a4581b39184e4cedcd6d9d76613de0941
SHA1 hash: 29cca773cb11097d127ba5ddb2d6ca69c462aa21
MD5 hash: ea58a2d052aaee30b19a34048ce04066
humanhash: three-lake-speaker-louisiana
File name:Stigmaticalque.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-03-25 20:13:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 79f69e369d09c751f592f8bd4a193a31 (1 x GuLoader)
ssdeep 1536:EV69BrIP08K0mkNjU42WGFAxUdw7sXVi:j7IP7TDhH2WNWw7Z
Threatray 630 similar samples on MalwareBazaar
TLSH 04835B07FB50E4A5C45D8B3E1C46C6D015377C64A991C69B3AD8BF9F98F00A3CF1AA68
Reporter James_inthe_box
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Ponystealer-7639435-0
Create hunting rule

Win.Malware.Generic-7639438-0
Create hunting rule

Win.Malware.Generic-7639551-0
Create hunting rule

Win.Trojan.Vebzenpak-7639767-0
Create hunting rule

Win.Trojan.Vebzenpak-7640209-0
Create hunting rule

Win.Trojan.Vebzenpak-7699953-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-03-23 18:55:47 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 30 (80.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=e7jrr7s5dwhqfq43nobgsdsl5a7owpzvoymmxk6x3aekeojewj3q._file
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
guloader
Create hunting rule
Similar samples:
032624661ba64ab1c3ca40a7a47b3635ee6b6a3442ca6bfb7a41a4a8de7b0fb5
GuLoader
2bd30faef9e89799bc33f076afc8f3521bc84018c8e27829e8f475ee1c8dc13b
GuLoader
3df464cdb09ec8aed7589b31541a291c9b921f49b2cc97aa34d363161366db8a
GuLoader
5cd5f57afb04ba3ce4e5aaee5a7fa7d10b24a334e30911a49a4cc4cb52982848
GuLoader
844fb0d61ff2be56043914797b2e0123e111f616bbd743e3ecfee5c340651146
GuLoader
a07051295b50dfe762f42e922f6815e4554ae1b392da5810b88893cb91ac3b7e
GuLoader
a0e9692a6a0f50890c03829cfc80dd4ef47aaf4ade8c2fd35a62c09d290171d3
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c76654971c4af60511d3583a3bd00c673904569aa93973687e14e95b9e80de6f
GuLoader
ecbbdea89347df30a9575353b8886499a88d30f5606f60c922c62e4a56637c74
GuLoader
+ 620 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/330006/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments