MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 503f94f00304bc18900c3494f2da5bcb1d8a103a0b15ce00bbdaeb5dfd8d9b7b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 5

SHA256 hash: 503f94f00304bc18900c3494f2da5bcb1d8a103a0b15ce00bbdaeb5dfd8d9b7b
SHA3-384 hash: ca89158297c792cf62693680e72af5fec13d57b2e5cdbdf9d622f5ddd193a7919f8d67e67af1fc3f79bec0ef7af55df4
SHA1 hash: fcbd6fa6d3cc0f753cfb1ee78ca0a550cbc819bc
MD5 hash: 7ee17f20dc7ef645bb7867d9b1a4b432
humanhash: oscar-mars-july-five
File name: makave1.exe
Signature: GuLoader
File size: 77'824 bytes
First seen: 2020-03-19 14:22:01 UTC
Last seen: 2020-03-19 15:48:12 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 043742c3e7c65a220cdd0983416ab948 (1 x GuLoader)
ssdeep: 768:Ezjn8MHl9X8Kc9FkSyqN+VZJk6cvnqE8abRKBLq36Y5WogAZSYU24Tv9:Gj3L6GNqIDK6cx8FLqq7AZmN
Threatray: 905 similar samples on MalwareBazaar
TLSH: CE737C03F750F826C959CB3E6C0AD690311BBC741992DA8B36E47F1F6CF50A28E59B58
Reporter: abuse_ch
Tags: COVID-19 exe GuLoader


abuse_ch
COVID-19 malspam:

HELO: megaform.com
Sending IP: 193.142.59.211
Subject: Breaking!!! COVID-19 Solution Announced by WHO At Last As a total control method is discovered.
Attachment: covid-19.img (makave1.exe)

Intelligence

File Origin
# of uploads: 2
# of downloads: 110
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-03-20 01:37:07 UTC
AV detection: 26 of 31 (83.87%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by: MD5 0659a9731d2ab35331689dd356156a8d
This sample: GuLoader, Executable exe, SHA256 503f94f00304bc18900c3494f2da5bcb1d8a103a0b15ce00bbdaeb5dfd8d9b7b
Delivery method: Distributed via e-mail attachment

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::EVENT_SINK_AddRef
