MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e05f05fb070ab182f3f8daadedde9b58ba9ab1c9bf0dd66bd2e8a5a9ac63f479. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e05f05fb070ab182f3f8daadedde9b58ba9ab1c9bf0dd66bd2e8a5a9ac63f479
SHA3-384 hash: 29bc75f07ee8c57b281c2ac43f0f69f01cff410bdfa273389bea3cd858a95ccaffbc2ad5f69472b3721b285bd6b736cd
SHA1 hash: a6363d7ff13cf87e9de6f9eb21cf946e88397d7c
MD5 hash: a8f7b0bcfae637df74f3721f2f668d34
humanhash: magazine-mirror-grey-lactose
File name:New-Order Gima.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:57'344 bytes
First seen:2020-08-06 05:48:11 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fe301861a82840a1918a56118414deb8 (1 x GuLoader)
ssdeep 768:zNqGkX5ttIqVZ24d5kiIBt1TIU6L7/MFdSpHwz6m8oAxSO:zh45jImfatef0yH/wO
Threatray 5'137 similar samples on MalwareBazaar
TLSH 3A43E613A2F4F27DE16147F16F5042AB41F97F321512B85BA6882E9E4B32D5FA06031B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: outgoing2.jnb.host-h.net
Sending IP: 129.232.250.56
From: IMS - Internasjona lmatsenter AS <posta@imsonline>
Reply-To: ahmetyavuz@baktat.com.tr
Subject: New order IMS NO // PO 001 - 06.08.2020
Attachment: New-Order IMS NO.img (contains "New-Order Gima.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
132
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/40073/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/412141
Signature
Initial sample is a PE file and has a suspicious name
Potential malicious icon found
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e05f05fb070ab182f3f8daadedde9b58ba9ab1c9bf0dd66bd2e8a5a9ac63f479/
Threat name:
Win32.Infostealer.PonyStealer
Create hunting rule
Status:
Malicious
First seen:
2020-08-06 05:50:06 UTC
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4bpql6yhbkyyf47y3kw63xu3lc5jvmojx4g5m26s5cs2tldd6r4q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0638b1723d45eb9fbbf4db0428aeb59b08da4082779c361ae881445ef35bb6d4
GuLoader
0abe72d915f50b2a21fc3cafc52152db81bef2a16be4ccde68e64942bf927af1
GuLoader
7095eec286427d0c168ef01a9d20e741032194cd9e4fb607c02a55c0a1df29c5
GuLoader
8cd14212205658092f91a376a85fb70802200671ea0cbc74b73f1fcaf0f88ddb
GuLoader
92574e92ed7461639393ef09258609b637fc5e68341c5fe13e460f2dff705d0d
GuLoader
97d8ae62cb751e857b04d9eaa68ee2acce3d7243009bdb04639a729cdfc7cbf3
GuLoader
b5ee70ba14a2bcb9936bd64d99ce7b51785ba328b16a0be49d47c10cba17980c
GuLoader
d7083f1007834bbc16f0b6d2ee0e1e2b9e79a04af2a2e21f2d2682c9dff939eb
GuLoader
dc390cfb0419c5a93c339e395061b5ed5d9d7b08995680552d409c8f8302a109
GuLoader
e273d82c782a01c388cc619e6832bfb43301f4308884751b9393262302fc84c0
GuLoader
+ 5'127 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200806-g4sz7rhxln/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of SetWindowsHookEx
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Farheyt
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/e05f05fb070ab182f3f8daadedde9b58ba9ab1c9bf0dd66bd2e8a5a9ac63f479

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 38f28ec047f6697180e13197c394304a83a58b76f6727f1352db0f7ea6312139

GuLoader

Executable exe e05f05fb070ab182f3f8daadedde9b58ba9ab1c9bf0dd66bd2e8a5a9ac63f479

(this sample)

  
Dropped by
MD5 73bee56389b465891474787287a57edf
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/40073/
  
Dropped by
SHA256 38f28ec047f6697180e13197c394304a83a58b76f6727f1352db0f7ea6312139

Comments