MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 304068e131e7bf969d30f3d5d4cf1dff0f17342b5817a6b37a89b3e4e0d79495. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 304068e131e7bf969d30f3d5d4cf1dff0f17342b5817a6b37a89b3e4e0d79495
SHA3-384 hash: 17c78441af1eb3a956c47ee697c7daf4988562622631b6a6bd8385e81eec8c2959d545d48c78936eed5d0da29307f187
SHA1 hash: 862b60bc4c1e125f16f4305de69ca8a9a5e7de6b
MD5 hash: 9219f25b2ea83724e294de62a3e94e60
humanhash: apart-king-high-montana
File name:PO078453.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:73'728 bytes
First seen:2020-06-09 06:35:58 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d13d3a99ad84ae45b7d57e82433ea720 (1 x GuLoader)
ssdeep 1536:bDkuRtSWwJuZria47dUJ3bjnRuRWc4d8:ZbwJ37Wrjn64d8
Threatray 768 similar samples on MalwareBazaar
TLSH 4573AF03A908C953E1544AF06CE26FA89F667C2859426E8B209D7F5FEC357C31CAE13C
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: coreit.mynewserver.com
Sending IP: 88.99.38.211
From: "Nilar Win" <kelly.giotopoulou@theluxuryspot.gr>
Reply-To: "Nilar Win" <Jack.Zou_pluckmarine@outlook.com>
Subject: New Purchase order & Request.
Attachment: PO078453.gz (contains "PO078453.exe")

GuLoader payload URL:
https://octagongrinning.site/bin_pttnVrxEIl238.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/7246/
Gathering data
Threat name:
Win32.Infostealer.PonyStealer
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 06:37:04 UTC
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gbagryjr467znhjq6pk5jty574hronbllal2nm32rgz6jygxsskq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
229d8d98a701a24e93b4e374092a5ce767fb859ffbc243cea9c1486b871dd4fb
GuLoader
34c9285a6b094968258fffe94cb3339c1715cbc6b8db1d309f7075eb0afda2d0
GuLoader
3b15d18c463f3a0a6c2b2915d129924dd0791bc5252cfee280b9a6e296229403
GuLoader
3f9c00f6723ec4cdc7daedf53e900bfbc4c15bb910415c30ab39e4898c8e211c
GuLoader
5f0c0c43a813132bc787e581c5456b0bbd3f4bb1947691b9636eec6236861f5c
GuLoader
620e100a8454a1fe2978e299f7b591c07589bf257bd2b1913c3b7ad601699e4b
GuLoader
631c795e9e20bfd8d33a2ecc2d8e1e22f925eb2aff8f052904bd779a66ccaada
GuLoader
7a3c2ae5d4136ec42547d1e2938ee2ae13ce967cf174db9abf9211ea5f43f3df
GuLoader
888a2bd11840935e40bcea4cb2adfe57938ac8e0bc2e05c51b575167a469e667
GuLoader
ea0bcb9c44a356945727a78ca03b727f5ce4dd69accb51dc7fee5918477133be
GuLoader
+ 758 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-pvd2b4w1ka/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip ae803f54b75dcec5b072b3adf4803f94f6028f0f78c6c3b672fdfb831e736806

GuLoader

Executable exe 304068e131e7bf969d30f3d5d4cf1dff0f17342b5817a6b37a89b3e4e0d79495

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/384278/
  
Dropped by
MD5 1a99ede6a8a2290534db61dd5dc6e3f5
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/7246/
  
Dropped by
SHA256 ae803f54b75dcec5b072b3adf4803f94f6028f0f78c6c3b672fdfb831e736806

Comments