MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6070da383c3df420a2b864043a4e47c25f5b35f2f0583a9d997db9a40b9cda93. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6070da383c3df420a2b864043a4e47c25f5b35f2f0583a9d997db9a40b9cda93
SHA3-384 hash: 9d1bb5b877b946d38e1abda9a2b48311de88185c75805232f19891d287489b9d983c361fafa9a0a97237cabf400894e2
SHA1 hash: 44cace2505aacddac5fb379a38b0e40c16a2af44
MD5 hash: e88e3bd087eb8fd64af97b9de9ecf0ac
humanhash: coffee-minnesota-social-coffee
File name:DOC (14).exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-04-18 19:09:46 UTC
Last seen:2020-04-19 18:37:53 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d233ea80b0970c1c9b46d438fa28028a (1 x GuLoader)
ssdeep 1536:kn+bYoWxZQ38xG0jrfaaMGLKagd9KSplJMVRiAPtK:kGFW/31fYBpb+/K
Threatray 1'025 similar samples on MalwareBazaar
TLSH F1B329217994FF01C52586329E7AD7F8445AFC348910AA433AC43F5F3A7998178A2F6F
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
7
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection:
GuLoader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/1552/
Detection(s):
Win.Trojan.Ponystealer-7648176-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-04-18 00:04:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mbynuob4hx2cbivymqcdutshyjpvwnps6bmdvhmzpw42ic443kjq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
08b47c6d183afb72f383ced4639ba73a03d9b36f06617585b3a3d28b69d1ce9f
GuLoader
20a6cb528c226cb7076f9bdcac76a942b32af0baa48df8aeae65aeb20380c2d5
GuLoader
37d7bba1bacdbcb35e301c1fc391449ea84d1203ca59a8b1f1142acf4596e032
GuLoader
3e487a6e78ce053ac4add56861cd380be9c2920d292f83448c0a3f8a814c53d7
GuLoader
8869b2576e5e5ebd15edee49935a89a27bb6dee506483a27f805f708d4bf8957
GuLoader
a465bb38250994671f200d8c66cfc0718354bc8974713ba6f9f3eb15a4acec7d
GuLoader
baeafce74cc8a5c40bd2b6ba2e38312834e48f23f655cfae1d1ae8e78e375b84
GuLoader
d18ed67b05d0bbd6dfaba77a6053c92674bfef8abc8c7aae7c17f703adc6ea5c
GuLoader
d725785ec3970b75ecb17a7e5ac14d93ce7a54d259dffc74e8222ed8cfb8b6b3
GuLoader
d7e91c4ae1a0b9f6bd1c2ae422b2d9488949110017b9d06001e6bcd386905c8e
GuLoader
+ 1'015 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/1552/
Cape
Cape
https://www.capesandbox.com/analysis/1551/
Cape
Cape
https://www.capesandbox.com/analysis/1550/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaLateMemCallLd

Comments