MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7ca90c14bd5ed0eed66f26051883a84eaa393bf51b1c1c877b2d98325342ef9f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7ca90c14bd5ed0eed66f26051883a84eaa393bf51b1c1c877b2d98325342ef9f
SHA3-384 hash: 8611d3acd7bc5acd39457c4999de2e834f9b7fe486b476dfd3360f0a10d75125111357612710993cddcd0c937531f771
SHA1 hash: 0a8888839bdd99c2e0875949373b66205ad93e69
MD5 hash: e187a97ca62429d4d61437a83eee308d
humanhash: bacon-uniform-september-nitrogen
File name:SecuriteInfo.com.Heur.PonyStealer.lm0@qCEXzAhi.839.21701
Download: download sample
Signature GuLoader
Create hunting rule
File size:180'224 bytes
First seen:2020-04-20 14:14:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 6961ab9c2a1396a0826620bad0afc6b7 (1 x GuLoader)
ssdeep 1536:JZDJ/aowEGVQETCg5DAE9u3big3e/ngtIegFg:fDkcKQKp03GxCp
Threatray 688 similar samples on MalwareBazaar
TLSH 3104F7527E30D961C0144630AD76C3BAC6107DD5DDE845CF6A80BB1FFEB19933AA829E
Reporter SecuriteInfoCom
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.NetWire-7678915-0
Create hunting rule

Win.Dropper.NetWire-7683332-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Dynamer
Create hunting rule
Status:
Malicious
First seen:
2020-04-20 12:20:31 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=psuqyff5l3io5vtpeycrra5ij2vdso7vdmobzb33fwmdeu2c56pq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
051101f45d03dac4583297cce0d708af562dedfa085b3d9dcfea40be2083e7ab
GuLoader
085723cd3bf42b5f4cba4d975389d6f088c22cc696f4f0771251a3a1afaedc53
GuLoader
473f6c38f3047708289a930f291a474052b160a9090bc6c2844f53b6226805ad
GuLoader
549d741341e63a5b461b0244c3ecb5377d8d8c95fa9a2bfe9bb096950b7993e2
GuLoader
81cce625083e6605ae26986b9c8b6aabbcbad243d7cc92c47b50e14aa950a075
GuLoader
89e7b3d326525ac681ac369108ceea6641ce74782bddd37528bfef6ae1b2a6bf
GuLoader
abc26a4dae06f9fa3a58be8ae001afa9b529384fd22814469cd4e7bc5b8c1255
GuLoader
b65a42512465c82d804bdb56b5e1e633afa4571a20dc68d311ecad4a8fc3654d
GuLoader
c37ae1ed1bf166c96faa73db4544f415c2b81f0a42ccd5311e0aabc0b9e4f455
GuLoader
df34eee3a23ae66bb689bc1911e417cdaa7b51c353dc586bdb3280f86df09b55
GuLoader
+ 678 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 7ca90c14bd5ed0eed66f26051883a84eaa393bf51b1c1c877b2d98325342ef9f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/346728/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaFileOpen

Comments