MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 50d68559290556e9e3524e8aec940a98b4564b57cc2a60f79d4da9a7d1f8de46. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	50d68559290556e9e3524e8aec940a98b4564b57cc2a60f79d4da9a7d1f8de46
SHA3-384 hash:	aaad2c981dc8991996a20c73617318f91c1765c588346307a85d1e414801183a85fe21f518e15d659691fd588c017cb1
SHA1 hash:	bd6f32b5c7fcb332cfcb0f81093d8f80fd3159b9
MD5 hash:	808a8887d16e40fe025e48d7e24b4374
humanhash:	sixteen-november-mobile-kansas
File name:	New supplier Inquiry and PO 081820505_ DOC.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	81'920 bytes
First seen:	2020-08-18 19:38:05 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	c8149470224a75976a8a826a88225a14 (13 x GuLoader, 1 x FormBook, 1 x Loki)
ssdeep	768:lpR047bF0RUgjxFem2uUdQFjFKW/2SjcvlBM6Hx5w6LIs056tub0nGR04:tx7bFa1Fh21dQBFKeovoew0CGnGRx
Threatray	144 similar samples on MalwareBazaar
TLSH	09835B42E1DCA6F2F3588B781F555FF600EE3D306891CD0768DCBE5A2A37906896427B
Reporter	abuse_ch
Tags:	exe GuLoader

abuse_ch

Malspam distributing GuLoader:

HELO: smtp.aonbd.net
Sending IP: 117.58.240.41
From: Purchase Vertex Safety A.S <suzetrey@netvision.net.il>
Subject: Re: New Supplier Inquiry Vertex Safety and Medical Equipments.
Attachment: New supplier Inquiry and PO 081820505_ DOC.uu (contains "New supplier Inquiry and PO 081820505_ DOC.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=1B9A2752AF248CE2&resid=1B9A2752AF248CE2%21123&authkey=AAQTcXmKPvFMf1E

Intelligence

File Origin

# of uploads :

# of downloads :

258

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/48070/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/50d68559290556e9e3524e8aec940a98b4564b57cc2a60f79d4da9a7d1f8de46/

Threat name:

Win32.Infostealer.PonyStealer

Status:

Malicious

First seen:

2020-08-18 17:53:40 UTC

AV detection:

24 of 29 (82.76%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=kdlikwjjavloty2sj2fozfaktc2fms2xzqvgb545jwu2pupy3zda._file

Verdict:

malicious

Label(s):

guloader

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/200818-rad9sdr11a/

Behaviour

Suspicious use of SetWindowsHookEx

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Trojan

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/50d68559290556e9e3524e8aec940a98b4564b57cc2a60f79d4da9a7d1f8de46

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 9ac46ab6a553db53dbad4b98b9425f5956ba4d5e3153c9035333a2f1f34c7725

GuLoader

exe 50d68559290556e9e3524e8aec940a98b4564b57cc2a60f79d4da9a7d1f8de46

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/435485/

Dropped by

MD5 410bd58cb850179c943a0b49136b729e

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/48070/

Dropped by

SHA256 9ac46ab6a553db53dbad4b98b9425f5956ba4d5e3153c9035333a2f1f34c7725

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample