MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ecf2d6637db61f16f9b10b5162986564741b5e5c5e9084d6a38fa61c9c7ea953. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ecf2d6637db61f16f9b10b5162986564741b5e5c5e9084d6a38fa61c9c7ea953
SHA3-384 hash: 20cbf093422c1f8897137e4834a22bed2b678f777f9439bc12fc18cdf5f915804184501d3158d497ebbbed1af103a2fd
SHA1 hash: edccc86c2f2e7b2ef3c94ecb79045c27040ef21f
MD5 hash: 2b57c640af0cbf78db4187b643ae5ada
humanhash: jersey-utah-washington-missouri
File name:DHL Delivery Document.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:106'496 bytes
First seen:2020-04-13 05:45:02 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 730abd68abbb879b516f0d830ceb133e (1 x GuLoader)
ssdeep 1536:C6JCX4rRCH/6X8NUuV8k04ava+I3rgGcqx/0oOF:hJCo1CflCBbva+orXcqx/0oOF
Threatray 543 similar samples on MalwareBazaar
TLSH 2EA3F502B680FC91CA190E765E7ACAED5966FD38DD80361734C43E5F3A726C47422F9A
Reporter paleoarchean
Tags:AgentTesla GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.NetWire-7667635-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Cryptinject
Create hunting rule
Status:
Malicious
First seen:
2020-04-12 23:51:33 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5tznmy35wyprn6nrbniwfgdfmr2bwxs4l2iijvvdr6tbzhd6vfjq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
GuLoader
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
2b6160a9720ed2cf3b818dafc81e4f092111d4df2e0db161b994b39a5ceb78f3
GuLoader
434ea880ad59cffded73a776f3a01a75e6afef21fc6dca45b364fd3f0ba54de3
GuLoader
8d85f53634baffb8ccd9907595a253fff4542f33b158e8a57223c5ff51dfa1d3
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b929c43ad6f3aefd59485197209608aee28ba2517eba13c2cdf2fe8c6a3d1d5d
GuLoader
e9b68e43d01d092285e1d109241939a85473ec285448074d0ad0098bc1975550
GuLoader
ece95023cb705530533957a23138102a00540fcc5dd6c3441867cb4e0c0af841
GuLoader
ef8f03a25087eeab581d8439a0a19ba7148270d2210d479c1d6867fac69dc813
GuLoader
+ 533 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe ecf2d6637db61f16f9b10b5162986564741b5e5c5e9084d6a38fa61c9c7ea953

(this sample)

  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaFileOpen

Comments