MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b59dac589de1279260d3b8976a210779abbb56447ca52679608357e67bc637b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5b59dac589de1279260d3b8976a210779abbb56447ca52679608357e67bc637b
SHA3-384 hash: a36fd40f0714b2e89e85864bcf29a1c3f90c4e42fa5ab43945489757113dfaa674a9b310c2432a475d3d8b82db845912
SHA1 hash: 6445d139bb5315654bb9effa3f78dd96af25e0b5
MD5 hash: 7bab797bb447aa3732c6796081ebcf2f
humanhash: carolina-colorado-fix-black
File name:5b59dac589de1279260d3b8976a210779abbb56447ca52679608357e67bc637b.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-04-28 04:23:44 UTC
Last seen:2020-04-28 05:58:26 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0a166c1b3abe1038ab3218a1d3cb9a67 (1 x GuLoader)
ssdeep 384:xFNNUY1dIkQAISq55afVlXUNShBdoVTIBZjDFaX0k9jJvBD3eZ02spEV:fNeY1dIcIlKzk8o05FaX0kFjW02p
Threatray 194 similar samples on MalwareBazaar
TLSH BD733B67B444F0B3D6648AF58BA1C7BD001BBC301B448E17B46D3B6E1F74D4EAA60766
Reporter JoulK
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
4
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Remcos-7723780-0
Create hunting rule

Win.Dropper.Vebzenpak-7723867-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-04-27 22:59:17 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lnm5vrmj3yjhsjqnhoexniqqo6nlxnlei7ffez4wba2x4z54mn5q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1bbfe8a6da9f2617bb13d2b72d2d351fbcce3706012b0945b8ee4b2f72a0ff24
GuLoader
2adb6be5546acb42c8717b93181d13b7b174f5b13529921c5a0f72d4bd356f4d
GuLoader
453dacb9349991ae41f06e03837a54f188f0c60869b2bd6c187a46629d4bbd55
GuLoader
56c48ad772316105766bebe5da6b16a4475c7de8bc6621dab5fa896912d0ae40
GuLoader
5f4c8829df357db3002865e2afdceef666037b4b55add9b3f3f9bdf604887761
GuLoader
982918d155617975c06c471aab26a4049c102b69dac8c6d6a3e1022f111e71a7
GuLoader
d1148a8f019b2b901f2c089bd7e77eb55c61efa5d6cbfb65e4fa1868476c9dfe
GuLoader
e031beb4c230faf0d895f0d40e5063d56c41d11cf6208a531a35176cd76e3a41
GuLoader
ed33a55395aa0b7061266a9c61b87fdecfb3fd0605ac1ca342751f9deaf25930
GuLoader
f8e186c218a4ec518e457f4e23eb43ab3c6067592ac2f5c4170d2f2a793df375
GuLoader
+ 184 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments