MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 549d741341e63a5b461b0244c3ecb5377d8d8c95fa9a2bfe9bb096950b7993e2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 549d741341e63a5b461b0244c3ecb5377d8d8c95fa9a2bfe9bb096950b7993e2
SHA3-384 hash: 761fb4e472a0569b81fea405940ac1a538e1cfa673227ba950bbd3af58b42a557980808745c79c38deb6c34e6c0d29ce
SHA1 hash: 85e21abb7600ea98cfa7f168363cbf46fa6663fc
MD5 hash: bdb68a91385dbe3913ccafbdfebe1574
humanhash: item-queen-helium-comet
File name:requisition order.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:106'496 bytes
First seen:2020-04-14 04:52:24 UTC
Last seen:2020-04-14 05:34:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 7aac6ead880600da1f15cc32b4a4ecfe (1 x GuLoader)
ssdeep 768:sdERsQDklDaxVdnnPlHRy74INHPa8JZgoW2VehNsc:seDkl+xfdHR3IJJJZWv4c
Threatray 1'035 similar samples on MalwareBazaar
TLSH D9A31712B694FCA5D85987766B71C7EC0922FC309C08724B75C53E1F2876BD4B822F8A
Reporter jarumlus
Tags:AgentTesla GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.DownLoader33.31689.19921.3270.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-13 09:43:08 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ksoxie2b4y5fwrq3ajcmh3fvg56y3dev7kncx7u3wcljkc3zspra._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1c7aee0fc8ced2b774aa4a05c4a00228dddb3c9768afa1f8309f8e188431836d
GuLoader
473f6c38f3047708289a930f291a474052b160a9090bc6c2844f53b6226805ad
GuLoader
712b5489228115a95c7718684ee0c1f80a352da3872fbfcbf74000c5306ba664
GuLoader
7ca90c14bd5ed0eed66f26051883a84eaa393bf51b1c1c877b2d98325342ef9f
GuLoader
81cce625083e6605ae26986b9c8b6aabbcbad243d7cc92c47b50e14aa950a075
GuLoader
89e7b3d326525ac681ac369108ceea6641ce74782bddd37528bfef6ae1b2a6bf
GuLoader
abc26a4dae06f9fa3a58be8ae001afa9b529384fd22814469cd4e7bc5b8c1255
GuLoader
c37ae1ed1bf166c96faa73db4544f415c2b81f0a42ccd5311e0aabc0b9e4f455
GuLoader
df34eee3a23ae66bb689bc1911e417cdaa7b51c353dc586bdb3280f86df09b55
GuLoader
fd70366a0abed417301e2a312927e5697e8ded01a50c830b408978fb61ff9241
GuLoader
+ 1'025 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments