MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 79c02f862d1c71aceecaff12e89133da4dd8874c19d6a8ee882260b795aae16b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 79c02f862d1c71aceecaff12e89133da4dd8874c19d6a8ee882260b795aae16b
SHA3-384 hash: d100b08b20a9f52457a9801e12cfb8c41b20a247adca4822d7b66c3c124e6e5f58efe88aa27ffc05783c222305b9e4f2
SHA1 hash: 3e9ac46dd2f641386fe7a75d06eaeefb508cca97
MD5 hash: a19e4782f22d9d63a0fcbfb580ba3531
humanhash: yankee-happy-sweet-six
File name:mnb2(2).exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-04-02 07:00:56 UTC
Last seen:2020-04-02 07:48:24 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash fee4b2730441cc6aed298725cc5a3bae (1 x GuLoader)
ssdeep 3072:IyxPxJm1/i1/YBVylLk4NTlFv5TvrMblaTWL9Q:Iy/ifM
Threatray 1'058 similar samples on MalwareBazaar
TLSH 02B3F661BA50DE40C4084CF1AF6587EC93B8BD318D58AB4739C53F1E7E76291E162B8B
Reporter oppimaniac
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Filerepmalware-7646386-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Remcos
Create hunting rule
Status:
Malicious
First seen:
2020-04-02 07:35:40 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=phac7brndry2z3wk74jorejt3jg5rb2mdhlkr3uiejqlpfnk4fvq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
GuLoader
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
443bc33e9d28fddd4229367cde23085b8d57549093ce8e991eb4753ce58c85fe
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b97f89957de59d3a218ed617e6acb9136e3279f9dec3f864ec32d9b29b77ec6e
GuLoader
c737a312b31a2dc00d9a7ea618b0e6fcf6fc3f766d99f0503951f508247397ed
GuLoader
c7552fe5ed044011aa09aebd5769b2b9f3df0faa8adaab42ef3bfff35f5190aa
GuLoader
dd7268284b041dafef56b6a8a4b565b3a0c54e1eaacc68121a1688e03798e72d
GuLoader
dda25996ab5b78fa63ab71aa304360374fe2eb6ded670c778b2c69d9fa1f1e40
GuLoader
ef8f03a25087eeab581d8439a0a19ba7148270d2210d479c1d6867fac69dc813
GuLoader
+ 1'048 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

GuLoader

Executable exe 79c02f862d1c71aceecaff12e89133da4dd8874c19d6a8ee882260b795aae16b

(this sample)

AgentTesla

Executable exe ec849a605c6a400f95f039d26d3cd3774d1c5548c05e9ca4ed477346eb49de78

  
Dropping
SHA256 ec849a605c6a400f95f039d26d3cd3774d1c5548c05e9ca4ed477346eb49de78
  
Dropping
MD5 b45610a7fb390c6b220b9ab9e061a29a

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaLateMemCallLd

Comments