MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4dc38cd2854259162ce68bb83f6ce11a755aa96aeba2134cdd18fd69720bece0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4dc38cd2854259162ce68bb83f6ce11a755aa96aeba2134cdd18fd69720bece0
SHA3-384 hash: ab0364c140b80c5dfb31163eac9ed0384dcb79a563f5e7a2771bc390868448d21cd2bc861bc9639fb566bec8b7d207f4
SHA1 hash: 9c8632a692cfffb39ef43e5edd242a05e0fa873c
MD5 hash: 7b0699f990f5767c3755ba0f0a4801ad
humanhash: hamper-fruit-wyoming-ceiling
File name:7b0699f990f5767c3755ba0f0a4801ad.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:53'248 bytes
First seen:2020-05-01 12:31:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash dc958c2de12c414f673dfed62b6b9a4c (1 x GuLoader)
ssdeep 768:1QLw8bSf7k0xJ9eh2s8Eqxbzd3WEUrFUd7vsCr2x7tI6:g9+kJ2sPqrGNxUlvlaZD
Threatray 651 similar samples on MalwareBazaar
TLSH 94332A12D9B8E571E9688BF12D7443A804EB6C3015229D0F3E553DAE2F79E4BE46831F
Reporter abuse_ch
Tags:exe GuLoader NetWire RAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.33736731.1797.23480.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Netwiredrc
Create hunting rule
Status:
Malicious
First seen:
2020-04-28 08:49:36 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
22 of 31 (70.97%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jxbyzuufijmrmlhgro4d63hbdj2vvklk5orbgtg5dd6ws4ql5tqa._file
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
guloader
Create hunting rule
Similar samples:
1d117728ec260d80f6c6a347c4c32c965c69ff10bd4f08444fc70e82eebb1094
GuLoader
1d7f1bd2e98ab61ef9f350289c83791d4da1463576ea3591b8cf3b9228f506ab
GuLoader
404655117f92200c14e7c2aa641f27337e18bf8d148e73bbc5d7d37b73b7fc28
GuLoader
4a3e5ec3cb8e7de4807f8ab6684291a02eea7a64c76f0e32df1b0a0bb17c047c
GuLoader
60c2a6a0bc12f4b6fd4ecb473d5de3d9de561ee3125055dbbf2d8ff12bb83f60
GuLoader
60ccdec92b23413b1b5391cb9923931e5b151f0f5877f1f90d730f0fede5f365
GuLoader
68f66dd88b1a69a8ff2e63cca5e4554e1b147ccd2474d356b60a749c21412fd4
GuLoader
7d53275640b52b08bb54259f6bc85edad2dfe30b6b5f9cea9ddc8d7469d97cd8
GuLoader
98af60250a9e0cedaa66f04fe39c412bd0007855255547df68f5da46686c9ced
GuLoader
9e6cf2b57d1e96bced0f7742e883a8fdf94847fcf3344ae55f05324b59fde328
GuLoader
+ 641 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
URLhaus
https://urlhaus.abuse.ch/url/355500/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments