MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 acd781dfe44f61dafb6b3fc6f648c4833b96872caca16e7d746c914987979dd5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 7

SHA256 hash: acd781dfe44f61dafb6b3fc6f648c4833b96872caca16e7d746c914987979dd5
SHA3-384 hash: 080e4a4fdd8fee6a5c9b951cd91f5802b5ae282b8213e212908dcef0a59702a4df65e7a4167a9c1abea1d69fb662a5a3
SHA1 hash: 0767f26c677da6c111a15f35c77e729c25f9d0f7
MD5 hash: 34f57e2f6815a436ef77441b876dad9d
humanhash: double-mockingbird-blue-neptune
File name: 34f57e2f6815a436ef77441b876dad9d.exe
Signature: GuLoader
File size: 81'920 bytes
First seen: 2020-09-09 07:23:59 UTC
Last seen: 2020-09-09 13:28:54 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f8ce4a8ef2bca584cba04f63be14b893 (6 x GuLoader, 1 x AZORult)
ssdeep: 768:hWSOJKzNf32w5JAZj6AwxXYdKJ0Eug24WOmW4KjolElkPUckVWeHAxXEg9tnZHJ+:3tfmgAwxXuKJ0En24W5W4tJx7/3
TLSH: A7836C41F656D535D30481FD1974A5B800EDBC304AD2C98BFA86BEBE18F66F5C62222B
Reporter: abuse_ch
Tags: exe GuLoader


Comment by abuse_ch:
GuLoader payload URL:
https://onedrive.live.com/download?cid=4C3F5C65A99DA195&resid=4C3F5C65A99DA195%21144&authkey=AI8rPgPoqofaXco

Intelligence

File Origin
# of uploads: 2
# of downloads: 227
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
- Creating a window
- Sending a UDP request
- Unauthorized injection to a recently created process
- DNS request
- Sending a custom TCP request
- Creating a file
- Sending an HTTP POST request
- Creating a file in the %temp% subdirectories
- Deleting a recently created file
- Reading critical registry keys
- Stealing user critical data
Threat name: Win32.Infostealer.PonyStealer
Status: Malicious
First seen: 2020-09-08 06:01:48 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 24 of 29 (82.76%)
Threat level: 5/5

Result
Malware family: azorult
Score: 10/10
Tags: trojan infostealer family:azorult
Behaviour:
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Azorult

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Web download
Signature: GuLoader
File type: Executable exe
SHA256: acd781dfe44f61dafb6b3fc6f648c4833b96872caca16e7d746c914987979dd5 (this sample)

Delivery method: Distributed via web download