MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f1e6db23f71358086c0a6d54602989535e6c25309d92af9f0db056d4a372fe8e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f1e6db23f71358086c0a6d54602989535e6c25309d92af9f0db056d4a372fe8e
SHA3-384 hash: 8c32fd9b72e7a1976ac9f31303fe86b2670eaf4fce9ce3a4a4affb858bd92f9cd94df62e7b2ee5dd43b8a493bbe1529b
SHA1 hash: 41b48a90953f7a738dd6b38007877a25b5bca480
MD5 hash: 80b7f90d2919730d4aac0069805fed05
humanhash: hawaii-social-blue-north
File name:P.O. # 1303121R.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:217'088 bytes
First seen:2020-04-22 07:31:58 UTC
Last seen:2020-04-22 09:16:36 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 7ca9a259ef81b6e99c765b4d1f2737df (1 x GuLoader)
ssdeep 1536:740v66kvByFiu9D/xUsy8TTOCQMA8yJSx5YQOnGXpNcgiHD+OrZqXXLN9TJxysO:Bv6ZBifhpT1NPyRpG8gwysMjNxysO
Threatray 122 similar samples on MalwareBazaar
TLSH 6E240981BD74E863C31046316FE9DBBDC2583DE0D8E5C64F24907B1AEE32299596263F
Reporter jarumlus
Tags:AgentTesla GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
98
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Remcos-7684278-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-04-22 00:33:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6htnwi7xcnmaq3aknvkgakmjknpgyjjqtwjk7hynwblnji3s72ha._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0232fe4b3256a6a4700de482e5e9074baf4548d7604cf4404182be73353ee32f
GuLoader
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
GuLoader
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
39067a6a8ac06d60189b34afbb9acd73e8e33aba91653c39a037c2f78f972f29
GuLoader
4aeeacd6a9c14a9c0de9c89d4264cd72973b416a0704b44977d9ea399bbfb181
GuLoader
5e627b14e776856c2904f622b43da929fbc41c1d0b753cd0f98913d8eeaf3544
GuLoader
5ff77cfc952a63f6c75709db72ca3ddd2b362bf416bb454957f3b8bfdbaafd50
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
be45d144f539c0ef3ce8329cebcc9e26167f293bec1a9e82f5e7294a6fc17c5f
GuLoader
dea51f7f074a8d9b0e30626e11ca4a79de602da24ba64d0222ee1162a5fbb5ba
GuLoader
+ 112 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments