MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3be4f95709bd751f894af6489da8c700cb5d6bcdf5f33dadfcdb29ae53f7549b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3be4f95709bd751f894af6489da8c700cb5d6bcdf5f33dadfcdb29ae53f7549b
SHA3-384 hash: edbc74c37f5dd58e53eb885737697611e2a90022a3781893f6b4c93cfe1be3c02f3a2086c4b6b1f6800c9878380f8635
SHA1 hash: e1648ea970f932b811cb4fe8d57bac69686bd360
MD5 hash: 31ea8287c22a3cc734a430772e5657df
humanhash: pip-mobile-oranges-snake
File name:Salini Impregilo's New Order.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-03-30 14:22:48 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4b476de9f3a5e47942c8e60bb2adb739 (1 x GuLoader)
ssdeep 1536:ju1Wp92MHr3IKJIS/0o1bcaeMFWTkMab7X:OS2AtN/0m7bj
Threatray 705 similar samples on MalwareBazaar
TLSH 28A3C612FA00BCA4D9380DB59B718B9C63467E266E09BE43348C3EDE7BF11907552D9B
Reporter James_inthe_box
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Remcos-7647550-0
Create hunting rule

Win.Trojan.Ponystealer-7648176-0
Create hunting rule

Win.Trojan.Generic-7648215-0
Create hunting rule

Win.Dropper.Remcos-7683428-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-03-30 13:00:58 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hpspsvyjxv2r7ckk6zej3kghadfv226n6xzt3lp43mu24u7xksnq._file
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
guloader
Create hunting rule
Similar samples:
02b10c6690bd0ed3e9b675553519df78a7ede63a398d68304043eacb691fd305
GuLoader
0d2b79e9ac449de6c300c43522e8581a971b4b08e004696e278608d6c4b46eb8
GuLoader
5e5d88343393a5a1f98a66c8e5967023e200dcf3be81bc0a3c210396156d0fea
GuLoader
6c7d10402361556d564ce74e16a05024a4e0ad31da03b98fb69d4f7c0079730f
GuLoader
7b0c22fa717eb03d14472427b1ecff6dc206951b78bf319111cbf3fde5ba916f
GuLoader
93a073e6352727ea0bb8c16febf4422e0ff95558ea6705099dcf9400c1170704
GuLoader
aea480ebd5777e840f0b988267554fe1d35f70238bed009231b24475fdc0b0d9
GuLoader
cac86be4b999583d9586a49aa2530ea548a78019e25c98f02158c01ef2883381
GuLoader
e3390d55fcaf849c1dc612723a24162bfb6e06b8681624d55555c6418b3a1db2
GuLoader
ee4bbc371656858005f8d7f3315d21327f447f7aa521c2e9c2d46799841f3e02
GuLoader
+ 695 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

GuLoader

Executable exe 3be4f95709bd751f894af6489da8c700cb5d6bcdf5f33dadfcdb29ae53f7549b

(this sample)

AgentTesla

Executable exe cd75215808d3f28bc56edc497c186d2b53d175467b9d4aa3f525843c51ceb39b

  
Delivery method
Other
  
Dropping
SHA256 cd75215808d3f28bc56edc497c186d2b53d175467b9d4aa3f525843c51ceb39b
  
Dropping
MD5 3dc117f667b5f9585f18629caa9bf010

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments