MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 201c1781eda88bc2a41ecf313bf6a33decd09339b6406aafa6f9be0dc36d05b9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 3



SHA256 hash: 201c1781eda88bc2a41ecf313bf6a33decd09339b6406aafa6f9be0dc36d05b9
SHA3-384 hash: c8d7e4d6ad7bd2a0076c955dd2f21a06a114d6d4d946b4c4283e3de7f539571028e8defdf83d35a5d1f92b1fac968054
SHA1 hash: fcd4d863fbf0e4af16cb24fe29be410ea8878eb2
MD5 hash: 339f45951804433d30a1ed948696eb2c
humanhash: oranges-blossom-orange-zebra
File name: SGN07752816.IMG
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-08-18 08:53:33 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:gTkBEaiM5p4H2+mjSKEniKBd5F1MzGyE1AjFsXsem4ZWNQ8mJZ81C08fkBM5:9SWp4DDnhBd5F1MSyEajGcI1J+dUkBW
TLSH: E7455B51B6D896F7F3A84B701B645EF914FA7C302992CA4735DC3E9D2B73A04C92122B
Reporter: abuse_ch
Tags: GuLoader, img


abuse_ch
Malspam distributing GuLoader:

HELO: slot0.agrichen.com
Sending IP: 104.168.146.136
From: ppa. Thomas Rawe <info@agrichen.com>
Reply-To: thomasrawe@kraftcurring.com
Subject: Quote Price
Attachment: SGN07752816.IMG (contains "SGN07752816.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=8E778D4A23C91A07&resid=8E778D4A23C91A07%21262&authkey=AOwbQzbkp3_r_ZQ

Intelligence


File Origin
# of uploads: 1
# of downloads: 225
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.PonyStealer
Status: Malicious
First seen: 2020-08-17 14:26:42 UTC
AV detection: 14 of 29 (48.28%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    img 201c1781eda88bc2a41ecf313bf6a33decd09339b6406aafa6f9be0dc36d05b9 (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments