MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dffc2ea9e2d70e83228e7e109b0e9c4f490df7c513ed32f3dd58fb4a3d5a4cab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dffc2ea9e2d70e83228e7e109b0e9c4f490df7c513ed32f3dd58fb4a3d5a4cab
SHA3-384 hash: 106206bec9c3124f554086dfebfec9ef587aef5fb1a039792ab80a58d39ff9031d50b289e0c7daaffe68e00f288abc12
SHA1 hash: 64b871624b72bfc11a251988ff407d456d44db79
MD5 hash: bad5023a9d2671033a935c40e744a326
humanhash: burger-mars-floor-purple
File name:Lorans5.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-04-27 02:24:57 UTC
Last seen:2020-04-27 02:44:38 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2a22139dfb2a12d6957a1269b617e1f6 (1 x GuLoader)
ssdeep 1536:i6ogGeGHVlXryZsaP3XrFxFz4Wx5p5JM:i62HnXiD3WB
Threatray 668 similar samples on MalwareBazaar
TLSH 3F930823B154AD62EF1C49B28B86AD9410A7AC713C94CF8730C73A3D2632681F766B57
Reporter deva1992
Tags:GuLoader


Avatar
deva1992
Doesn't execute in VM environment. Need to analyse in live environment. Delivery method was email link of Gdrive.

Intelligence

File Origin
# of uploads :
3
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.LokiBot-7710133-0
Create hunting rule

Win.Dropper.LokiBot-7710161-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-27 02:35:19 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=376c5kpc24higiuopyijwdu4j5eq356fcpwtf465ld5uupk2jsvq._file
Verdict:
malicious
Similar samples:
0011c686f49b6c536dd548a5b94f18d6aa41040c66cc483c10c006ee4d4efa27
GuLoader
11de084924b529df84b9c2c04845a186f10c8a0475e34f6eb379d949f35756fe
GuLoader
37d7bba1bacdbcb35e301c1fc391449ea84d1203ca59a8b1f1142acf4596e032
GuLoader
38d3f45c15d354a76eaa73d2da717165dee22b8207fa87088685486019ff482d
GuLoader
460a85fda060cc0c8ab5a1aace37dc1f14bc400f4a3b011e613f64e0000c77b6
GuLoader
6005ff1373b7a3600ad4b5700b4d9b6c13827015a97fea1b030189655bd8e986
GuLoader
8889140ce8f51cfc74f4e3f751eb8cb73791a95524f87d66c33b8ac2fc552bf3
GuLoader
a9a117ae98fd5a5f90a2058461be2dc525bde25a920d9acaeae2490633587392
GuLoader
baac016255a128a1209211bba2a47979f3392f12c41d5805469f899eba6de47b
GuLoader
d7e91c4ae1a0b9f6bd1c2ae422b2d9488949110017b9d06001e6bcd386905c8e
GuLoader
+ 658 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

anyrun
any.run
https://app.any.run/tasks/e50360ca-6d46-4314-98ab-94d7a4d60721/
Joe
Joe Sandbox
https://www.hybrid-analysis.com/sample/dffc2ea9e2d70e83228e7e109b0e9c4f490df7c513ed32f3dd58fb4a3d5a4cab
  
Link
https://drive.google.com/file/d/1TPda00ZQt9Nub7RFKgT8oHGs2IsOAr5b/view?usp=drive_web
  
Delivery method
Distributed via e-mail link

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments