MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5d615e82f2b0a90f4d7b50e17fa070d6ce5684bde0a5de1d0661f2d166af964b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

SHA256 hash: 5d615e82f2b0a90f4d7b50e17fa070d6ce5684bde0a5de1d0661f2d166af964b
SHA3-384 hash: 2ad51e0d242531f9f519902267271ec02b98a5b42162818183b59089e5f5dae9e9623b526f87e1d7ebc8fc7f81a0056e
SHA1 hash: 594d4d5369e5f21b86ad73382ee50a2ebf454db6
MD5 hash: 1c46460fc587c00d3b11694deef6392a
humanhash: alpha-zebra-coffee-friend
File name: SecuriteInfo.com.Gen.NN.ZevbaF.34100.im0@aqbfWFai.31059
Signature: GuLoader
File size: 135'168 bytes
First seen: 2020-03-25 01:34:27 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 49632a5b2cb49729728f8b81f4fcdf77 (1 x GuLoader)
ssdeep: 1536:tXf/0Mh96Gh0/0AJYpt4KbFjuK1F7cIP:tvMMH6G2/0AWpiStX7cIP
Threatray: 1'329 similar samples on MalwareBazaar
TLSH: F4D33C36F450EC66E94A0E7C8D65CAF80627EC305D21DEC7B9057F8E2CF23469568749
Reporter: SecuriteInfoCom
Tags: GuLoader

Intelligence

File Origin
# of uploads: 1
# of downloads: 89
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Remcos
Status: Malicious
First seen: 2020-03-24 23:36:09 UTC
AV detection: 25 of 31 (80.65%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
  GuLoader
    Executable exe 5d615e82f2b0a90f4d7b50e17fa070d6ce5684bde0a5de1d0661f2d166af964b (this sample)

Delivery method: Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID                  Title                                                     Severity
CHECK_AUTHENTICODE  Missing Authenticode                                      high
CHECK_NX            Missing Non-Executable Memory Protection                  critical
CHECK_PIE           Missing Position-Independent Executable (PIE) Protection  high

Reviews

ID      Capabilities                  Evidence
VB_API  Legacy Visual Basic API used  MSVBVM60.DLL::__vbaObjSetAddref
                                      MSVBVM60.DLL::EVENT_SINK_AddRef
                                      MSVBVM60.DLL::__vbaLateMemCallLd
