MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 66b739f45f7fe7f1df837a8ddbe8f2f48ba67af8c241273d00e0c890fcc9f312. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 66b739f45f7fe7f1df837a8ddbe8f2f48ba67af8c241273d00e0c890fcc9f312
SHA3-384 hash: 452c7550be5a872d2c8d2fc386b4cc80cdf066da04bb6096cc8724b2ed4a588d0e5ea7983a3fa0b07bb49c65cbe7308d
SHA1 hash: e4a158e620709a5a580b55ea9511f0e16f9c5979
MD5 hash: 57840469d4245d18e860dbf076b050bf
humanhash: colorado-north-early-juliet
File name:PO.NEW-29-03-20-DOCUMENT-VIEW.bat
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-03-29 16:07:02 UTC
Last seen:2020-03-29 16:35:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a59a127c32fa1a5e2a4374ce547040dd (1 x GuLoader)
ssdeep 1536:3YgdxhoHtv3mYiMopb+StdV0o1bcaeMFWTkMaH:NhUtPmoosYV0m7H
Threatray 1'479 similar samples on MalwareBazaar
TLSH 0FA3D612FD00BC64E5240DB68BB59A9C23057E267E4ABE03348C3EDE7EF52613552D9B
Reporter paleoarchean
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Remcos-7647550-0
Create hunting rule

Win.Trojan.Ponystealer-7648176-0
Create hunting rule

Win.Dropper.Remcos-7683428-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Dynamer
Create hunting rule
Status:
Malicious
First seen:
2020-03-29 12:51:14 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 30 (83.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=m23tt5c7p7t7dx4dpkg5x2hs6sf2m6xyyjasopia4dejb7gj6mja._file
Verdict:
malicious
Label(s):
lokipasswordstealer(pws)
Create hunting rule
guloader
Create hunting rule
Similar samples:
189c0fda489ea4a4e4b75f9bbc27e871be591632ba219b86a63d8b1168dde1ef
GuLoader
277ad2e30607538075324d56c194f6256f2a37245f952038d709f237545bf0f1
GuLoader
4b610516f134b6efb2100a2e298a70b573be1cd6c4d653af007b907f11ff065e
GuLoader
5cd5f57afb04ba3ce4e5aaee5a7fa7d10b24a334e30911a49a4cc4cb52982848
GuLoader
6ba2ab2afade3c48fb86ce5290a0980f19e901117033cb723cfd48b3ab2c6888
GuLoader
983a50787533f7fb48c7aeccfe0cc8ea3b16a76a39b22a1668ef800ed56556f6
GuLoader
ae6a500ab45e86279c34a92c49d12f73716f0a492075180cdad48a761bf38b49
GuLoader
e849a38df88dfb8d4f44b1ce6c303a9262a98ae68c610baf1b1f9f2c89e438c4
GuLoader
eec46d65be09a86f25c891d462671a7a0b3140ee4a8a6ac0a9fa7e1c56a8cb40
GuLoader
f6acfb0076b3a4e817b12f1f4e91eb89dbeeee1bca29d591949b73dfb604ef68
GuLoader
+ 1'469 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 66b739f45f7fe7f1df837a8ddbe8f2f48ba67af8c241273d00e0c890fcc9f312

(this sample)

Loki

Executable exe af9d4f33f40bab14f420cd46c9d11d4708a68a3688dc0c2ac9fa41e4f48643d0

  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 af9d4f33f40bab14f420cd46c9d11d4708a68a3688dc0c2ac9fa41e4f48643d0
  
Dropping
MD5 e5bdfa578312715bfe0f39d52a88fe3a

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments