MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 784de198ef93d833ca1fee15a525d646a632e33e82f69f113d9c79f9bce94dfa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	784de198ef93d833ca1fee15a525d646a632e33e82f69f113d9c79f9bce94dfa
SHA3-384 hash:	244cf24116160c0fefe964145eb87ee8aa69cc7d1dc64c97b9858299854136940a7599937edbda861efff8a1cb8a2cc7
SHA1 hash:	a27af7ac54efbdf315cea0bd608d43885e089d1f
MD5 hash:	b359648a383b0bcbbe73048a6241378f
humanhash:	tennessee-emma-princess-seventeen
File name:	SGN07752816.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	81'920 bytes
First seen:	2020-08-18 08:53:34 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	c8149470224a75976a8a826a88225a14 (13 x GuLoader, 1 x FormBook, 1 x Loki)
ssdeep	768:MEaiM5p4H2+mjSKEniKBd5F1MzGyE1AjFsXsem4ZWNQ8mJZ81C08fkBM5:fWp4DDnhBd5F1MSyEajGcI1J+dUkBW
Threatray	14 similar samples on MalwareBazaar
TLSH	AB834B52B5D896F7F3D84BB12E644EFA08FA7C341891CA4735D83D8D2573A04C92132B
Reporter	abuse_ch
Tags:	exe GuLoader

abuse_ch

Malspam distributing GuLoader:

HELO: slot0.agrichen.com
Sending IP: 104.168.146.136
From: ppa. Thomas Rawe <info@agrichen.com>
Reply-To: thomasrawe@kraftcurring.com
Subject: Quote Price
Attachment: SGN07752816.IMG (contains "SGN07752816.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=8E778D4A23C91A07&resid=8E778D4A23C91A07%21262&authkey=AOwbQzbkp3_r_ZQ

Intelligence

File Origin

# of uploads :

# of downloads :

248

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/47619/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/784de198ef93d833ca1fee15a525d646a632e33e82f69f113d9c79f9bce94dfa/

Threat name:

Win32.Infostealer.PonyStealer

Status:

Malicious

First seen:

2020-08-17 14:28:49 UTC

AV detection:

24 of 29 (82.76%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=pbg6dghpspmdhsq75yk2kjowi2tdfyz6ql3j6ej5tr47tphjjx5a._file

Verdict:

malicious

Label(s):

guloader

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/200818-wh57g54qv2/

Behaviour

Suspicious use of SetWindowsHookEx

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 201c1781eda88bc2a41ecf313bf6a33decd09339b6406aafa6f9be0dc36d05b9

GuLoader

exe 784de198ef93d833ca1fee15a525d646a632e33e82f69f113d9c79f9bce94dfa

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/434637/

Dropped by

MD5 339f45951804433d30a1ed948696eb2c

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/47619/

Dropped by

SHA256 201c1781eda88bc2a41ecf313bf6a33decd09339b6406aafa6f9be0dc36d05b9

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample