MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 89e7b3d326525ac681ac369108ceea6641ce74782bddd37528bfef6ae1b2a6bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 89e7b3d326525ac681ac369108ceea6641ce74782bddd37528bfef6ae1b2a6bf
SHA3-384 hash: c7de13c6198dd0d3cbe12dc061fdc50f6f03ac8829c8d178d6d8021b2fd714e93933492960b1affce818c145a6d4a2ac
SHA1 hash: 2740b2485d1185d381ad419ed17a55fc1e4a5727
MD5 hash: e0fd59d2c353ea34dcae56d7558dc101
humanhash: undress-saturn-stairway-hamper
File name:024 STAR CONVERGE.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-04-14 07:10:59 UTC
Last seen:2020-04-14 07:59:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 8eed9dd5a32fb24ca25ffcd1e40592e5 (1 x GuLoader)
ssdeep 1536:3pok21pWWArCs/qt+Rfoi9qcSr7/6c0iJ:OCsQL9amcR
Threatray 866 similar samples on MalwareBazaar
TLSH A3B31A52B488FDC0EA168A72AEF2CAE84411FD309E45660734C67F6F35B15D0B792F86
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.NetWire-7667567-0
Create hunting rule

Win.Dropper.Noon-7667582-0
Create hunting rule

Win.Dropper.LokiBot-7667993-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-14 05:29:21 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 30 (83.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rht3huzgkjnmnanmg2iqrtxkmza445dyfpo5g5jix7xwvynsu27q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
051101f45d03dac4583297cce0d708af562dedfa085b3d9dcfea40be2083e7ab
GuLoader
1c7aee0fc8ced2b774aa4a05c4a00228dddb3c9768afa1f8309f8e188431836d
GuLoader
473f6c38f3047708289a930f291a474052b160a9090bc6c2844f53b6226805ad
GuLoader
549d741341e63a5b461b0244c3ecb5377d8d8c95fa9a2bfe9bb096950b7993e2
GuLoader
7ca90c14bd5ed0eed66f26051883a84eaa393bf51b1c1c877b2d98325342ef9f
GuLoader
81cce625083e6605ae26986b9c8b6aabbcbad243d7cc92c47b50e14aa950a075
GuLoader
abc26a4dae06f9fa3a58be8ae001afa9b529384fd22814469cd4e7bc5b8c1255
GuLoader
b65a42512465c82d804bdb56b5e1e633afa4571a20dc68d311ecad4a8fc3654d
GuLoader
c37ae1ed1bf166c96faa73db4544f415c2b81f0a42ccd5311e0aabc0b9e4f455
GuLoader
df34eee3a23ae66bb689bc1911e417cdaa7b51c353dc586bdb3280f86df09b55
GuLoader
+ 856 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments