MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e60807fbf4c0191dcca332ba7a7886bec872472e3d5dfc6cb9cba39b6c4f6322. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	e60807fbf4c0191dcca332ba7a7886bec872472e3d5dfc6cb9cba39b6c4f6322
SHA3-384 hash:	751781d0d73b124a87324ba1758e1c5ed604b8ef836e8896da3af1511770875a0daa85baaa3331e50561bc99c880c18b
SHA1 hash:	c248864b16b7e56119675c20e37562b1c701bd10
MD5 hash:	b7dd9ec6822e25172d19f7c537f20916
humanhash:	carpet-texas-cat-cola
File name:	black.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	147'456 bytes
First seen:	2020-03-26 13:04:01 UTC
Last seen:	2020-03-27 04:17:28 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	1b06ab1b190f49b525cb24ad129e20d5 (1 x GuLoader)
ssdeep	1536:tI9CoII9tM4UwVICiXvmqT2yHVeVrlJNDDDD2hpDDDD3jsGpDDDDDDDDDDDDDDDd:tCVI3j9Xb2yHVetl0n6TxuHJ
Threatray	4'843 similar samples on MalwareBazaar
TLSH	44E32B33FA80C9C5ED101EB04DAA86A18D92BC206D710BD3F3557F1CA8B5A57EEA5391
Reporter	oppimaniac
Tags:	GuLoader

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Gen.NN.ZevbaF.34104.jm0@aOP2tBji.14243.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Fareit

Status:

Malicious

First seen:

2020-03-26 13:48:28 UTC

AV detection:

22 of 30 (73.33%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=4yeap67uyamr3tfdgk5hu6egx3eherzohvo7y3fzzorzw3cpmmra._file

Verdict:

malicious

Label(s):

guloader

GuLoader

27faaaca4acb955010d7b8c16764a536c04149f2d332f99668d6ff6f292bfc20

GuLoader

55c20b7d42d163bbdc5d787f8e622becd090703a7c2002bd151c45f43bd07501

GuLoader

6f827b68129d30609057c2e6b36be05649fce91d6bc8ee3d3566ca5c6aba562b

GuLoader

a0d38e74310877d9ee7a4d0e75e25272adb25199527d19bc08c0f1ebb21f9ce6

GuLoader

a88caf11b01cea311aca13b6e757a8974d5033e1acb8749b9d1951ed0d93d44c

GuLoader

b24a5df4c63722afbed1e3807b18fcc065008ec3431de146dbf3657dffa00893

GuLoader

bf58aecacc268c49d707512236a42c80cf096b24850c3096eb056f662ecbe2e3

GuLoader

ceec91127018aba0be51981277015baf08e3f0ef6fbd0a5efe5821fa698ba645

GuLoader

f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c

GuLoader

+ 4'833 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

exe e60807fbf4c0191dcca332ba7a7886bec872472e3d5dfc6cb9cba39b6c4f6322

(this sample)

Formbook

exe 55c20b7d42d163bbdc5d787f8e622becd090703a7c2002bd151c45f43bd07501

URLhaus

https://urlhaus.abuse.ch/url/330300/

Dropping

SHA256 55c20b7d42d163bbdc5d787f8e622becd090703a7c2002bd151c45f43bd07501

Dropping

SHA256 55c20b7d42d163bbdc5d787f8e622becd090703a7c2002bd151c45f43bd07501

Dropping

SHA256 55c20b7d42d163bbdc5d787f8e622becd090703a7c2002bd151c45f43bd07501

Dropping

MD5 8a6b5cbe466dd587f378a21456bd031b

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::__vbaObjSetAddref MSVBVM60.DLL::EVENT_SINK_AddRef

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample