MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5e511d66664d13e1276eb5d08ea2e48e004a614d114f2b35c2a742912694dfd7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5e511d66664d13e1276eb5d08ea2e48e004a614d114f2b35c2a742912694dfd7
SHA3-384 hash: 2fe2e1c52403e386fa2e02b7c8629ccd767623eea8ecdb3628e84120bf97f1ab5a10f0f413a5d8a93546fe9e20b66a83
SHA1 hash: aca4a3a8ec9f92c2842114e28bc6d4cdcd4f1472
MD5 hash: 246fb8118feef332c1173319c291daaa
humanhash: pasta-jig-chicken-aspen
File name:Product Inquiry.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-08 09:20:59 UTC
Last seen:2020-06-08 10:22:20 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9368208d489eb7b8a97e54906b954dab (1 x GuLoader)
ssdeep 768:KGysfNpuRnnPilTjATM5glUPNe8TfnTkRXQJtEWx4Be3KOFBGkF/z7geoylsET+5:KGysFY6TjMblUVP0goKKnkFv6K
Threatray 6'032 similar samples on MalwareBazaar
TLSH 7773AE032C05D552F00183B26D938F8627537938EA067E977A992FBFEC747C269A532D
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: gmail.com
Sending IP: 156.96.62.50
From: jitesh Iyengar <jitesh@gmail.com>
Reply-To: snice7312@gmail.com
Subject: TOP URGENT...: AW: AW: Product Inquiry
Attachment: Product Inquiry.gc.zip (contains "Product Inquiry.exe")

GuLoader payload URL:
http://simayesarbedar.ir/chucksfb_DZUqBE52.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6973/
Detection(s):
SecuriteInfo.com.Variant.Razy.681950.17537.437.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.PonyStealer
Create hunting rule
Status:
Malicious
First seen:
2020-06-07 22:23:38 UTC
AV detection:
23 of 26 (88.46%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=lzir2ztgjuj6cj3owxii5ixeryaeuykncfhswnocu5bjcjuu37lq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0951d8c7c31922177bfac1849388cf7e947d6e51ccbf936c7edd1e6d7c44da9d
GuLoader
2ad7a9c76778a5cbbf458819852689c82153acca51da8fe58eed37c126d5b755
GuLoader
4e0e1ee117544cc9cb6784d36db3d349624ef1c888267b1e266a03ddb17d33a1
GuLoader
5ea463243b051351c219469515fb9b39d01c5c3c4f4698bd6164e36070622d35
GuLoader
70399b135fa0365dae66a01b072dd8614be73c7ff2b4cc51caeeef64dfc60ef5
GuLoader
8078d97844b57f9ee1521ac19ed0382b13c249a5fc9440d72e032589d1bf1280
GuLoader
c884dcf4fa00359eeb51ead67cd41d9a68b71f09e3588f03456244eddaa36fa0
GuLoader
d18ed67b05d0bbd6dfaba77a6053c92674bfef8abc8c7aae7c17f703adc6ea5c
GuLoader
ee4ae13d3fd3b58d86e270db11937476b4b7add1673983c2c28ed4d7dcc75552
GuLoader
f8eba2fe120aa64939010e6c31a63a7c12e97952c55bd29fd441f2139d9b7acd
GuLoader
+ 6'022 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-x3lxb96gdn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 7fd104b132daba5bd4935ea1c8106588519167461fa53c00c62282ece45ed587

GuLoader

Executable exe 5e511d66664d13e1276eb5d08ea2e48e004a614d114f2b35c2a742912694dfd7

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/383061/
  
Dropped by
MD5 9ffca95b80eef63a472cddbb7c6e165c
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6973/
  
Dropped by
SHA256 7fd104b132daba5bd4935ea1c8106588519167461fa53c00c62282ece45ed587

Comments