MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 775680d359c5c5490062e223fd9a18e7136657b18cfc349bf1d5f02ac91c8d2c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 775680d359c5c5490062e223fd9a18e7136657b18cfc349bf1d5f02ac91c8d2c
SHA3-384 hash: 92d1e0d7a1a2a6e6900ffe43951f3d9245a4a840751085ecfd5032b5434496cad3c3806e8254d2975617501e414f34bd
SHA1 hash: e4cd60a4aa0ff3c808beda7f50821f655062e370
MD5 hash: 7634fa10a952d375df95e2a57bed1f53
humanhash: illinois-eight-four-mike
File name:New supplier Inquiry and PO 080720505_ DOC.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-08-18 10:04:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c8149470224a75976a8a826a88225a14 (13 x GuLoader, 1 x FormBook, 1 x Loki)
ssdeep 768:jpfzxh6sSefoo0EEjBjjjjjj1Q9jjjj5T2+IDXgmjjjjjjjjjjjjjjjjjjjjjjjF:Bf6spfVmymEilzXQW
Threatray 628 similar samples on MalwareBazaar
TLSH CF836C11B6D4A7F2F3288A745F185FF401FE7D305857CD4338D83E662A36A4985A132B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: smtp.aonbd.net
Sending IP: 117.58.240.41
From: Purchase Vertex Safety A.S <suzetrey@netvision.net.il>
Subject: Re: New Supplier Inquiry Vertex Safety TR Fluids/ Industrial Materials
Attachment: New supplier Inquiry and PO 080720505_ DOC.uu (contains "New supplier Inquiry and PO 080720505_ DOC.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=1B9A2752AF248CE2&resid=1B9A2752AF248CE2%21121&authkey=ADCUw1U1S99RFl0

Intelligence

File Origin
# of uploads :
1
# of downloads :
255
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/47664/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/775680d359c5c5490062e223fd9a18e7136657b18cfc349bf1d5f02ac91c8d2c/
Threat name:
Win32.Infostealer.PonyStealer
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 04:38:44 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=o5libu2zyxcusadc4ir73gqy44jwmv5rrt6djg7r2xycvsi4ruwa._file
Verdict:
malicious
Similar samples:
45310ab9b43a84346d6c41c5286fab15c4921920461aa2c58ecf375d6070d4ef
GuLoader
50d68559290556e9e3524e8aec940a98b4564b57cc2a60f79d4da9a7d1f8de46
GuLoader
726156ccca0ba0077df20db0e438db482c7197d69453b890332ed69a9e509352
GuLoader
784de198ef93d833ca1fee15a525d646a632e33e82f69f113d9c79f9bce94dfa
GuLoader
7c3b056caf85497f39a72bcdde137abc70b81612496a358a8627fd4994f84203
GuLoader
c2fad0ca69171eabf05cff3020af18e45b34558b660e5197bdb4c0c072c9cdde
GuLoader
d48bd7c50cc69b4f73766563fde6a1444b64a725acb7b988e75bdc54b945d383
GuLoader
ea816a801d2882a3da04ae2b9ac3e20e0959a95d18dfb17c55bb786b3ba2c743
GuLoader
fd70366a0abed417301e2a312927e5697e8ded01a50c830b408978fb61ff9241
GuLoader
ffe68860d3d4320a2152bb2f3a636eb0f484f9f81a14b112c5f349b7c3d79f76
GuLoader
+ 618 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200818-h64hc4vxhs/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of SetWindowsHookEx
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar df85800f7dfcbfe76870d7fe329d11e6206b02e6104c5055bfed3fe0aa02086b

GuLoader

Executable exe 775680d359c5c5490062e223fd9a18e7136657b18cfc349bf1d5f02ac91c8d2c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/434914/
  
Dropped by
MD5 7e7e14e2e84357d3fd384750ef0d5179
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/47664/
  
Dropped by
SHA256 df85800f7dfcbfe76870d7fe329d11e6206b02e6104c5055bfed3fe0aa02086b

Comments