MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 89210ae907c9573298a900f88b97082c190618d64ecfa37eb5afda4615629475. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 5



SHA256 hash: 89210ae907c9573298a900f88b97082c190618d64ecfa37eb5afda4615629475
SHA3-384 hash: f95f2f08f5c76e01254ac056312c5e87c9302830f0586bcd82c0bf67c85b90b933af347cdc920b5eb768a509990e4280
SHA1 hash: 921a5ebe1d32eaf5a8aeb710728144d5286685ef
MD5 hash: 6da0226265ebf7f22b33d07f88afbc69
humanhash: timing-washington-mississippi-bacon
File name: mich.exe_
Signature: GuLoader
File size: 122'880 bytes
First seen: 2020-03-18 13:33:57 UTC
Last seen: 2020-03-18 16:01:05 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: ba764490bfb332d0b379f9ebd6b9dd3d (1 x GuLoader)
ssdeep: 1536:3LWFISbicjH5F2Rcr5x19AiCv1JsZyw+rUtTB11kM49:6FHXj56nZwUrGTNkJ9
Threatray: 509 similar samples on MalwareBazaar
TLSH: 7FC39D42FB50D867D11A8A3FAC46D2D3091FBC6825E2D95B39947B2E78F40E1CF1D621
Reporter: oppimaniac
Tags: exe GuLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 90
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-03-18 13:16:13 UTC
AV detection: 25 of 30 (83.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download; GuLoader; Executable exe 89210ae907c9573298a900f88b97082c190618d64ecfa37eb5afda4615629475 (this sample)

Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::EVENT_SINK_AddRef
