MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7fbd290f28f3ac346e168c3994febcb70f81ddeeb366982226ca76559ad0fdb6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7fbd290f28f3ac346e168c3994febcb70f81ddeeb366982226ca76559ad0fdb6
SHA3-384 hash: 7b7a8fc26e9815a21316cf14c50a72be1350dd749199394b61d31ac43ffd20f2e0297e613df4daac319d88dcb7d19758
SHA1 hash: 79375b6aaf1c3b084b42f97795677d14a5347456
MD5 hash: 05d513e2140823e9a253ea541a0ca661
humanhash: oregon-paris-spring-solar
File name:komfu.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-04-18 07:51:55 UTC
Last seen:2020-04-18 08:39:24 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d715df278f1a30cd07e889d83c5b10b7 (1 x GuLoader)
ssdeep 1536:oYO1eao6ErIYkESRaMmNxiTRGNO4nVpN5ZH/FPmk:w1em+o0Eo/rNLz
Threatray 240 similar samples on MalwareBazaar
TLSH 62B3186175A4FE07C1114AB2AE7AE7EC0468BD389D506A0339C03F5F3679A817472F2B
Reporter cocaman
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
104
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Genkryptik-7679014-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Azorult
Create hunting rule
Status:
Malicious
First seen:
2020-04-18 09:25:36 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=p66ssdzi6owdi3qwrq4zj7v4w4hydxpowntjqirgzj3flgwq7w3a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0d636ee27d6bdd747e4227b7cefbb0476d5990b870a72281523c312d723cba6d
GuLoader
38f7fd6bcc5fd2013ab28af3d86a9597eae87229d5e451e50df7f4bd95251c1c
GuLoader
409e9f0bd7768a11ce2a6bbfdeb1563cc82af31f6471772030d991475d5fdf9b
GuLoader
4fd96327aca2d44216adea947c36d2913c82929fc2c124750322f13ae99262ba
GuLoader
9ac8d9211067d6a7481de6c319a8b1539e60d6b63b4cf8588167fea878b5bbf7
GuLoader
9dcbd7275591da8239565b13a34a76b03c70f1a2b5f1e7d0fb2db6a7829e4980
GuLoader
9eb4c6d5f141edfdd0a023c040e99fa1f47e091dbffbb289dc944770ec7510a4
GuLoader
9fe74190b07513273c23f4ce748225b24fcaff237f3cec7e217c6599c705f419
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
ba69f3a46adab4538160c660436ca56015abacee306b06b064ba2b64df838552
GuLoader
+ 230 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AZORult

Excel file xlsx f1c8131edd3c5a30be572c52d2e4c15e07968bebad0ee05c49eee8374b89fe5a

GuLoader

Executable exe 7fbd290f28f3ac346e168c3994febcb70f81ddeeb366982226ca76559ad0fdb6

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 f1c8131edd3c5a30be572c52d2e4c15e07968bebad0ee05c49eee8374b89fe5a
  
URLhaus
https://urlhaus.abuse.ch/url/342893/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaLateMemCallLd

Comments