MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2aa324195b641499159816aa2ba8f40f6c5d971bcbee5a753d330df383867248. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2aa324195b641499159816aa2ba8f40f6c5d971bcbee5a753d330df383867248
SHA3-384 hash: 5620c718528714726c595e14fb504062298f2a561fb2b9cbbeaadeedae81b6bd472971897af1a95e16f5926579db0e7a
SHA1 hash: 44173f6731eebc311f3080a24ce069796bacad76
MD5 hash: 1b6a7cc219a5cba9211d397510ced872
humanhash: apart-floor-quiet-south
File name:PO# -RDPLI2020-04060.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-04-02 19:22:41 UTC
Last seen:2020-04-02 19:44:37 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e452a35fd2e4796af16a2d6fe22815bb (1 x GuLoader)
ssdeep 768:yzT9B4VslqQZH0wjrIiwJHr1VinoEzspse5z:u9csQQZH0wjrUtviozpHz
Threatray 489 similar samples on MalwareBazaar
TLSH 05A3F817FE90FE51D4045E728E76ABEC8226BC34AD056A0376C63F6E3E71045B592B07
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
3
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.VBGeneric-7646486-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-04-02 15:16:57 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fkrsigk3mqkjsfmyc2vcxkhub5wf3fy3zpxfu5j5gmg7ha4gojea._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
GuLoader
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
1e04c1e4eefe23f454553364e757209462f2561d8455628b296b1dbe83fc6ec2
GuLoader
2f4ed6ffb6539e4fd08da57d1d3577180598316972c284d344fb84c1c601a129
GuLoader
692e5432ac04059e4ca7f231a635908160f62126a38a046bd874d21c6ee2edc5
GuLoader
88351e25a74c8d49e593276995290440b4ce3ae78ebb68438a32269674f0be32
GuLoader
9cf6d3ac0471037df2eff34d6156961982d84bcf9ca3296eca6988f508d72834
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
ccd5df3e21e1543a8cb3f92b37276be48adec9859f12096faaca589a39a0f99b
GuLoader
ec925875d4a005aa2529d12840e65df77f89049ee47f923657fdbf06dd1100c7
GuLoader
+ 479 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 2aa324195b641499159816aa2ba8f40f6c5d971bcbee5a753d330df383867248

(this sample)

AgentTesla

Executable exe f8ccdf4d24a9ca91670d55df56bbea28e7e94f42c89d55e18843d123b3cdbca9

  
URLhaus
https://urlhaus.abuse.ch/url/333083/
  
Dropping
SHA256 f8ccdf4d24a9ca91670d55df56bbea28e7e94f42c89d55e18843d123b3cdbca9
  
Dropping
MD5 3f1cc5a4b908345e608c3aab5d583d33
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaFileOpen

Comments