MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 459f47867adaa021b11ba6ac50c1a4784902cf750b917c957abe9e91bd1fb8a0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 459f47867adaa021b11ba6ac50c1a4784902cf750b917c957abe9e91bd1fb8a0
SHA3-384 hash: 04ac2298355c7304918dc713242772ee068f8c1621764cfd9184d2d60aa613a66e957a38b55e1ad00603a0803e2d3955
SHA1 hash: d6f7ad1d2fc005983ab1c663d8e4ce731993a439
MD5 hash: 42c999c0e5c40268c1754b78efc890ab
humanhash: edward-victor-mango-kilo
File name:ab5704ae0b31a149b12d3b5ca797141f.exe
Download: download sample
File size:2'087'424 bytes
First seen:2020-04-03 01:51:41 UTC
Last seen:2020-04-03 02:32:24 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash dc7ffcc2dadef30b958c62129c65ea50
ssdeep 24576:0dGtRhIkL8PzP3vS45N1YtpSomt6WNwxTGCkS3FAJArzz5WvC4Bkw3Bkg:Alpn1+pQ/YTZhWvHBkuBk
Threatray 4 similar samples on MalwareBazaar
TLSH 89A59E13A9008EA3D06987FD7D175EAC1F1A7F04AC557ADB2A650F8E3F342122C9D16E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/u/0/uc?id=1RBy88Yo3UuY7zv0n0t-GSmJ6nnKtbHJG&export=download

Intelligence

File Origin
# of uploads :
2
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Jacard.179396.3023.23337.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Banker
Create hunting rule
Status:
Malicious
First seen:
2020-04-03 02:35:31 UTC
File Type:
PE (Exe)
Extracted files:
71
AV detection:
18 of 47 (38.30%)
Threat level:
  2/5
Verdict:
suspicious
Similar samples:
0cec4d3d5617d30aebf9f5742b92a035343c3ac3e55af9946d5334cf82b59381
54c3e01a3dee75c7137c63a25915b7bec1876a8fc65047eff99b97d9ca6cd5c6
5df5978473c4b77bcb6a3ec9d13f4c0e10b03a1aa82118235a6cf748f2c7809d
6f6351e0d8ebf90dc864996ebce30e60e8887f8c7f477fc3bec23806a1def95c
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

ba1929b08d21c21f5f9a809b7e5b16d2853226b2c586ab3e82f18d15c6043c9a

Executable exe 459f47867adaa021b11ba6ac50c1a4784902cf750b917c957abe9e91bd1fb8a0

(this sample)

  
Dropped by
MD5 ab5704ae0b31a149b12d3b5ca797141f
  
Dropped by
MD5 b616fd8491aa22ad9bb4f07702462e4b
  
Dropped by
GuLoader
  
Dropped by
SHA256 ba1929b08d21c21f5f9a809b7e5b16d2853226b2c586ab3e82f18d15c6043c9a
  
Dropped by
SHA256 618dd0e19d77084311ace39a34ac53a0c019563a9ada40666a2eecd7a6b9e8ce
  
URLhaus
https://urlhaus.abuse.ch/url/334533/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
COM_BASE_APICan Download & Execute componentsole32.dll::CLSIDFromProgID
ole32.dll::CoCreateInstance
SECURITY_BASE_APIUses Security Base APIadvapi32.dll::AdjustTokenPrivileges
URL_MONIKERS_APICan Download & Execute componentsURLMON.DLL::URLDownloadToFileA
WIN32_PROCESS_APICan Create Process and Threadsadvapi32.dll::OpenProcessToken
kernel32.dll::OpenProcess
kernel32.dll::CloseHandle
kernel32.dll::CreateThread
WIN_BASE_APIUses Win Base APIkernel32.dll::TerminateProcess
kernel32.dll::LoadLibraryExA
kernel32.dll::LoadLibraryA
kernel32.dll::GetVolumeInformationA
kernel32.dll::GetSystemInfo
kernel32.dll::GetStartupInfoA
WIN_BASE_IO_APICan Create Fileskernel32.dll::CreateFileA
kernel32.dll::DeleteFileA
kernel32.dll::GetFileAttributesA
kernel32.dll::FindFirstFileA
kernel32.dll::GetTempPathA
version.dll::GetFileVersionInfoSizeA
WIN_BASE_USER_APIRetrieves Account Informationkernel32.dll::GetComputerNameA
advapi32.dll::GetUserNameA
advapi32.dll::LookupPrivilegeValueA
WIN_REG_APICan Manipulate Windows Registryadvapi32.dll::RegCreateKeyExA
advapi32.dll::RegOpenKeyExA
advapi32.dll::RegQueryValueExA
advapi32.dll::RegSetValueExA
WIN_USER_APIPerforms GUI Actionsuser32.dll::ActivateKeyboardLayout
user32.dll::CreateMenu
user32.dll::EmptyClipboard
user32.dll::FindWindowExA
user32.dll::FindWindowA
user32.dll::OpenClipboard

Comments