MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f84e6e22fd9d11dc942218f7efd0e3215b92ca5a05c33cd06c89f2b58372e3d0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: f84e6e22fd9d11dc942218f7efd0e3215b92ca5a05c33cd06c89f2b58372e3d0
SHA3-384 hash: a8cb4cddd3205a46bcf7800ce8d78bb6ac076b411f994426a8dfeae7a7c0c67aab7f3a20efdc4adda6898e7fa1435eaa
SHA1 hash: 9094ebb0c49ff5a1ca993797bc7c5165a5e6aed7
MD5 hash: de58481e5ed2f1b98c48c6e85e41039e
humanhash: grey-one-kitten-hydrogen
File name: scan-800987643568996689.exe
Signature: GuLoader
File size: 122'880 bytes
First seen: 2020-03-24 05:56:19 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ea4dee4790e6f99f97a2a546fb8dfe9c (1 x GuLoader)
ssdeep: 768:LyqlHNCPXfADk82TQtfSnaHubASIzMoMfeDx743n+ogQePH7u+uJnsU5u8+8Am:LbCL8ncnb/Iok74XDou+6F+8Z
Threatray: 756 similar samples on MalwareBazaar
TLSH: 17C37C21F655E49AC88B1E7C4DA6C2F45272AC314E24DAC77A013F6F3CF62929938B54
Reporter: jarumlus
Tags: GuLoader

Intelligence


File Origin
# of uploads: 1
# of downloads: 87
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-03-23 18:33:00 UTC
AV detection: 24 of 30 (80.00%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

GuLoader

Executable exe f84e6e22fd9d11dc942218f7efd0e3215b92ca5a05c33cd06c89f2b58372e3d0 (this sample)

BLint


The following table provides more information about this file using BLint. BLint is a Binary Linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::EVENT_SINK_AddRef
