MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7c2e3e6dc40ec793635b6f18e44223d8cbf9fb621ee0d5b374b709510fe2d9a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	c7c2e3e6dc40ec793635b6f18e44223d8cbf9fb621ee0d5b374b709510fe2d9a
SHA3-384 hash:	113e2bfe9333024a17ed8232db9d519522e81920d47cd7ca4cfd3e2f72f6c03aa7971d9e220d1d9a66fa8730625167f1
SHA1 hash:	48ef476625cdbc1f74b83841ffc89e4b46615d05
MD5 hash:	9fed11cd0c0bc367b30b08650dfba78f
humanhash:	arkansas-monkey-march-saturn
File name:	makeve.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	139'264 bytes
First seen:	2020-03-25 18:31:42 UTC
Last seen:	2020-03-25 21:05:11 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	90994f1165b3cc4c39d8c2ffd0f3e5a0 (1 x GuLoader)
ssdeep	1536:tMzzsCHx8BuUTJtzENSvysNRxIhmxMtwX1fB340qQl44444444444441CoLkwjpJ:tVS8xttzHa5bCupVMlt0
Threatray	1'668 similar samples on MalwareBazaar
TLSH	AED38C26F1B4E845CD569C761DEBCEB98D27BC255C884E4325467F2E3DBB242AD39300
Reporter	HerbieZimmerman
Tags:	Agent Telsa GuLoader

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.PWS.Siggen2.45639.25823.1266.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Fareit

Status:

Malicious

First seen:

2020-03-25 20:49:17 UTC

AV detection:

22 of 30 (73.33%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=y7bohzw4idwhsnrvw3yy4rbchwgl7h5wehxa2wzxjnyjkeh6fwna._file

Verdict:

malicious

Label(s):

guloader

GuLoader

50d487621decc715e2b3e349679aba07ecb93d3ee55a3605ec0606d11a05dcd2

GuLoader

6dcf4557563343e881daf4b7d7b01e372457cee637ac001a1102a2e67a69cbf8

GuLoader

8d88c99ff33ecbed42e4185b925f890a616aa0307a559d61595ab67dae6a1a09

GuLoader

aee6f41ba3393811f2980cec1714785039dd6cfcc629b81479fc376f635868c7

GuLoader

bed06510d878aedc81671ebf83fb2dd246f88de58514124d166e0831b4d9c4d0

GuLoader

c884dcf4fa00359eeb51ead67cd41d9a68b71f09e3588f03456244eddaa36fa0

GuLoader

d30f4ed99917a14353e7c981b527597931c9d7440e55173bb44dd6ac6317da95

GuLoader

e0d0b8ce88eb76ca3cb8339d7f49d2d198b2a51b43949b4ddd23a40889cafcc9

GuLoader

e265bbf3f727ff892423b3e24b5368ab4f694c86334bf68ae62ff20dfd7ce5b6

GuLoader

+ 1'658 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

exe c7c2e3e6dc40ec793635b6f18e44223d8cbf9fb621ee0d5b374b709510fe2d9a

(this sample)

any.run

https://app.any.run/tasks/8279e4d7-9f37-4f8c-8f50-3f41f4ffc425/

Link

https://tria.ge/reports/200325-ajbtfx9qy2/static1

Dropping

Agent Telsa

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::__vbaObjSetAddref MSVBVM60.DLL::EVENT_SINK_AddRef MSVBVM60.DLL::__vbaLateMemCallLd

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample