MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fccdebaea1d99fdbb92837bc7a7628cc7719ab4b35c102ea9adfb2e40b28f131. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fccdebaea1d99fdbb92837bc7a7628cc7719ab4b35c102ea9adfb2e40b28f131
SHA3-384 hash: a28762d8d4125903e07984e7949b868c055a610f0f037147a3c75a1dad8aab50c31ad76df3161e400d463b03f5420a5b
SHA1 hash: c032022893ac41adb83b97136521d433ad044d01
MD5 hash: 502166d6c5273a4312a9d86adf48e333
humanhash: fix-west-montana-virginia
File name:L6L.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-03-31 11:55:22 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ba0c3158f94dedc8ee99b0969404fd59 (1 x GuLoader)
ssdeep 1536:iYxE54E72UZqIPNeIuPWEv8rCRnVmYCOz+7GOT3kn:WSE7LqIle1VBp
Threatray 528 similar samples on MalwareBazaar
TLSH 62A3D512FE00FC64E4244DB6CB7597985266BE347E056E4334C93EDE7AF12947902E8B
Reporter James_inthe_box
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Remcos-7647550-0
Create hunting rule

Win.Trojan.Ponystealer-7648176-0
Create hunting rule

Win.Dropper.Remcos-7683428-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-03-31 03:37:24 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7tg6xlvb3gp5xojig66hu5rizr3rtk2lgxaqf2u236zoiczi6eyq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1480e69cac4dec8dba239678446472b12f18cc5e963cc8b7c507a9ccaeaa75cf
GuLoader
2ea5a4fb25528051254f255dc64913ca7d4faa1ecba2f40a55b536f871624fb9
GuLoader
57acb5d89c02230f16fa4223e779f5defcb924a9e42ac05c245f91561c1c7fe0
GuLoader
581a5839e84c512e1ba78931b78cad6a25ad5ec0c6033d033db3350889285c9f
GuLoader
60c2a6a0bc12f4b6fd4ecb473d5de3d9de561ee3125055dbbf2d8ff12bb83f60
GuLoader
6cfa6754f2c32d3856972eceda81e57c0a274c80419482b6fe3910966b67a114
GuLoader
895e7e85e398a6bd3615a8453c1ed21979a2676fa84af0e53077635f812b64fc
GuLoader
8c1b12be1067ff4a545a6f94c820cad44ec7c13250003f76c4e601d61be5c56a
GuLoader
b666f8a605a45edebf5a3980675d00b84343a9b3c7a6d00fb90c37f40b55ac57
GuLoader
c882cc422e4039600b31e53e369f05b29dc9dd38cab76facef8a42adc8d326b3
GuLoader
+ 518 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

GuLoader

Executable exe fccdebaea1d99fdbb92837bc7a7628cc7719ab4b35c102ea9adfb2e40b28f131

(this sample)

NanoCore

Executable exe c13ebcd5694fe6c489f6c829828bf20c4cc3008da2c75fe2cf39fda68d1024a6

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/328893/
  
Dropping
SHA256 c13ebcd5694fe6c489f6c829828bf20c4cc3008da2c75fe2cf39fda68d1024a6
  
Dropping
MD5 88bf5ac57d1e0d15b4d2499bb594bc9d

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments