MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 732c9c7757dbdf97e70c6596800795a74c53315704e95a97461e5c2a28d97e3d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 732c9c7757dbdf97e70c6596800795a74c53315704e95a97461e5c2a28d97e3d
SHA3-384 hash: f4d2680f54e4312da595969abbd62180a0c1d5ab7bda93f70d334e7c7cd6d6f8783d6433bd0e34e3f94a48bdb16663d6
SHA1 hash: d5ea69e9917b6c201876e9a8f4416a1874223fdf
MD5 hash: 9683bf93bdc4fcb8454af0ffc7ed0dc7
humanhash: kentucky-pasta-happy-nineteen
File name: New Order.exe
Signature: GuLoader
File size: 122'880 bytes
First seen: 2020-03-31 14:09:35 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: a20c660d52df91f8b90c495552d2a406 (1 x GuLoader)
ssdeep: 768:tP+lp1iQwXKE7IRDotInu+HNw5pKpeTSbbpmsUkmS7zsEdRK5sHPcRfE3dtU5u8c:tPs5sM4bYmSPsv2cRfE3dAc
Threatray: 1'167 similar samples on MalwareBazaar
TLSH: DDC34A39F154E426C4861FBC4E9AC2FA93B2AD710F20D68B79043F1F3CF56969928718
Reporter: c_APT_ure
Tags: GuLoader

Intelligence


File Origin
# of uploads: 1
# of downloads: 85
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-03-23 13:36:48 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 27 of 31 (87.10%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

GuLoader

Executable exe 732c9c7757dbdf97e70c6596800795a74c53315704e95a97461e5c2a28d97e3d

(this sample)

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::EVENT_SINK_AddRef
