MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b0db92be4f4c812dc5afd007d59f5f2c0288497bd002ae40f96ca7e6b6cb7b83. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader

Vendor detections: 4



SHA256 hash: b0db92be4f4c812dc5afd007d59f5f2c0288497bd002ae40f96ca7e6b6cb7b83
SHA3-384 hash: 323eb94d2ad28205be21c76baf099198d27c380b0c2a10566f05912341916a2010d24ca1070bbe2773422bcd8f93d19d
SHA1 hash: ee2cd350f6838714837af9016203b2d64396b125
MD5 hash: 0a3b1a1ba006098463fa23f09d3d5386
humanhash: uranus-mars-mars-fruit
File name: SecuriteInfo.com.Heur.PonyStealer.fm0@omTiqUfG.26254.6575
Signature: GuLoader
File size: 86'016 bytes
First seen: 2020-05-14 09:37:38 UTC
Last seen: 2020-05-14 13:22:39 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 48ffd58312783d55e71496a87b52aea9 (1 x GuLoader)
ssdeep: 768:TvyVfihJMdxuLFwQd7mR4erBIkGx3SS2Zp7t/Hrw/FCnnmkHh6WEtZhfGXOmM5Zk:7rSm4HtZSCnmkIsq+f
Threatray: 161 similar samples on MalwareBazaar
TLSH: 54834B22F695D9B2C590CBB46E739FAC152BFD300D119D0B35C43A0E1F7AA4DA46532B
Reporter: SecuriteInfoCom
Tags: GuLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 88
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-14 02:16:41 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 21 of 31 (67.74%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a

Behaviour:
- Suspicious use of SetWindowsHookEx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.