MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a50e61518bd6d7d992ddd12e25cf7b0e190354c8de9043d201161757424c59a8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a50e61518bd6d7d992ddd12e25cf7b0e190354c8de9043d201161757424c59a8
SHA3-384 hash: fb4914280ab0bf86b6add7f7f3c561a58d3d74c6a13f3643eb35b39c076332b1bfab43195edbfba1dcf28e4423f02070
SHA1 hash: e1609b3a179ace6d8ee60c07199558de2c763a04
MD5 hash: 037e306025ac3d02471dd0aa6660a7c7
humanhash: six-dakota-happy-oscar
File name:Order_97F6D.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:135'168 bytes
First seen:2020-05-12 14:12:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0969c9b7ac63aec0605fbc36620666a3 (1 x GuLoader)
ssdeep 3072:BT+l5akPKdfq4mGwAj6bd8fa2UcUwgLxU5myP2tqWJkPRRbEMqKJSaRu9QsXcRfP:Bk9
Threatray 179 similar samples on MalwareBazaar
TLSH FAD37447E260FB12C34110F177A956EE82EC9D785969C503E7C1B2EE67B9B09E432393
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.PonyStealer.im0@oS5mHlhb.24271.7628.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Ponystealer
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 14:04:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
7 of 48 (14.58%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=uuhgcuml23l5tew52exclt33bymqgvgi32iehuqbcylvoqsmlgua._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0c780ce6cb4281a12cf329e18bdf36b987e34dd15379a4c2f6f8e03ba56e13be
GuLoader
11de084924b529df84b9c2c04845a186f10c8a0475e34f6eb379d949f35756fe
GuLoader
146de084ff60046edb599a6f8ae1503aa2a7f39c550807e9af069c2e8c9ea34c
GuLoader
52aeea8a255442f1560a6c237fb9c6d5223e7de9eb3340d29f81803df963ee8a
GuLoader
55897dc537d308842906dbf8bffde6eb846cdd6b5e9584d7efcbe7c342d5e699
GuLoader
692dc7ac48dfa381cd7f860236876e3621af2e1dc984b8f14cad498e412e88d8
GuLoader
93094d62b24b020cc2b39482466e3df5a172d7e35b03fb4dadb120fa1f238fa0
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b74e722c4a7b85d49e9c25991528d742161a1ae76c860e001868b1918dc66222
GuLoader
e92e8fd2f291f75954d7417f414bb08e8fd5b015773798ab9743426685dab322
GuLoader
+ 169 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-sbwtn32tws/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

ab38f8db003cf9e23516af7d3bf0ca552dd3702a2c91865b16b6411816a2234e

GuLoader

Executable exe a50e61518bd6d7d992ddd12e25cf7b0e190354c8de9043d201161757424c59a8

(this sample)

  
Dropped by
MD5 c2b40150af5e77f1a2951513ecf5daf3
  
Dropped by
SHA256 ab38f8db003cf9e23516af7d3bf0ca552dd3702a2c91865b16b6411816a2234e
  
Delivery method
Distributed via e-mail attachment

Comments