MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ad3cc0c05d4a7f42dba42a7bc414b78d50e3279d4ac40cdeda7d893c50020231. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ad3cc0c05d4a7f42dba42a7bc414b78d50e3279d4ac40cdeda7d893c50020231
SHA3-384 hash: 965abec922d36b31e73a2095875fb730a4c0f6628a26ac69a5542499fece7453db3a144056e5f3b482c0ab69e5c4fe17
SHA1 hash: 3c14cdd055510e53b67c9213ff5b5cbc4471d4bc
MD5 hash: b5a43e5ef451dc0163f0d50db8d39df3
humanhash: robin-shade-golf-kitten
File name:PO#16332-2020 for check.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:73'728 bytes
First seen:2020-06-09 06:35:44 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 344414ed291992f82060569b76abc960 (1 x GuLoader)
ssdeep 768:bPbu1aL3mNtlrHBOj071vE+bYddYLSd1gbZTHi6JjogJ0uForUsz57dibK0FoE:bDuRtSjldYWIbZriajd3lM5hibh9
Threatray 948 similar samples on MalwareBazaar
TLSH 64739E47A804E253F0104AB12C539FB81B1B7C3C4A81BF4FB19D6E6BE4756926DBA13D
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: vfc.com
Sending IP: 103.89.88.225
From: kimberly<kimberly_poland_smith@vfc.com>
Reply-To: legitworld04@gmail.com
Subject: purchase Order Acknowledgement 84740700 PO # 16332 for $156,000
Attachment: PO16332-2020 for check.zip (contains "PO#16332-2020 for check.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7245/
Gathering data
Threat name:
Win32.Infostealer.PonyStealer
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 06:37:03 UTC
AV detection:
18 of 24 (75.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vu6mbqc5jj7ufw5efj54iffxrviogj45jlcazxw2pwetyuacaiyq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1429990eae383b4fe77004519357e8844c118790f51a5f471c2cac517c07a4fe
GuLoader
229d8d98a701a24e93b4e374092a5ce767fb859ffbc243cea9c1486b871dd4fb
GuLoader
26518576080145b7c37b414a3bc13dfcb80444748354ff81c29c1b185f626c00
GuLoader
61422e082aca1bb6a4abd3271332453993bbb320a08fa39941bd1cecf16159d3
GuLoader
631c795e9e20bfd8d33a2ecc2d8e1e22f925eb2aff8f052904bd779a66ccaada
GuLoader
93dc44981a771519cbdf592c8391ada5234cd2f6c19fc0bb4b3233867db9a345
GuLoader
96bba127b43b518ff8714242dee393e5aa7aabff75a6df80cf45d9da1dbbdc94
GuLoader
b5bd9240b7a811177610996661c9fc7b8e9e3b5e0eb6668c7f6cc17b1185f625
GuLoader
d213c80671d27596824def5ecb513b07e2118bd110e1230ed68aa4daab49bcc6
GuLoader
efecbafe7ddfe1306dac292dbd23be0caf62c5423a4c7a91086b0ca194a5e3ed
GuLoader
+ 938 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-ba5r6sj6gj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip fac3f134739b88366d0c307fad826490bf72207d328157d5a66891186a4e50ae

GuLoader

Executable exe ad3cc0c05d4a7f42dba42a7bc414b78d50e3279d4ac40cdeda7d893c50020231

(this sample)

  
Dropped by
MD5 e822b3cfc4d91e73f31cc374762fd422
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/7245/
  
Dropped by
SHA256 fac3f134739b88366d0c307fad826490bf72207d328157d5a66891186a4e50ae

Comments