MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ea816a801d2882a3da04ae2b9ac3e20e0959a95d18dfb17c55bb786b3ba2c743. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	ea816a801d2882a3da04ae2b9ac3e20e0959a95d18dfb17c55bb786b3ba2c743
SHA3-384 hash:	04b76a5914e0020601727eb0077dec67ac157240bc09d52d9f5c45f262ba6cf700fb61325b7c9d903ce008001c571935
SHA1 hash:	2069c1d3c40be6648f074e69a2b2652577296990
MD5 hash:	2cf65f26baf289b04242fa0d64b9a08d
humanhash:	muppet-video-pennsylvania-timing
File name:	New supplier Inquiry and PO 080720545_ DOC.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	81'920 bytes
First seen:	2020-08-18 06:24:38 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	c8149470224a75976a8a826a88225a14 (13 x GuLoader, 1 x FormBook, 1 x Loki)
ssdeep	768:YpVnbtVtvh8B0r8eiH1f0J49/jyqTN3SsZWRJmdCUBJU+zlUkZryNb0j/tzn:kbjthIxH1fn5xFZWq7UhCXj/F
Threatray	599 similar samples on MalwareBazaar
TLSH	53833846B5C8A6F3F61A4E736B155FF012DE6CB018A2CE4374C83E592A77A01C56233B
Reporter	abuse_ch
Tags:	exe GuLoader

abuse_ch

Malspam distributing GuLoader:

HELO: smtp.aonbd.net
Sending IP: 117.58.240.41
From: Purchase Vertex Safety A.S <suzetrey@netvision.net.il>
Subject: Re: New Supplier Inquiry Vertex Safety TR Fluids/ Industrial Materials
Attachment: New supplier Inquiry and PO 080720545_ DOC.uu (contains "New supplier Inquiry and PO 080720545_ DOC.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=840D3B1CBE15D5F3&resid=840D3B1CBE15D5F3%21105&authkey=AE3W0A_GASV9p1g

Intelligence

File Origin

# of uploads :

# of downloads :

253

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/47521/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a UDP request

Creating a window

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ea816a801d2882a3da04ae2b9ac3e20e0959a95d18dfb17c55bb786b3ba2c743/

Threat name:

Win32.Infostealer.PonyStealer

Status:

Malicious

First seen:

2020-08-17 12:03:29 UTC

AV detection:

24 of 29 (82.76%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=5kawvaa5fcbkhwqevyvzvq7cbyevtkk5ddp3c7cvxn4gwo5cy5bq._file

Verdict:

malicious

Label(s):

guloader

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/200818-fcsejlef7s/

Behaviour

Suspicious use of SetWindowsHookEx

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar b7842e1be9570c68703eb39f52108fb03cc55a110b3fa349852b9dc0d9ac08c6

GuLoader

exe ea816a801d2882a3da04ae2b9ac3e20e0959a95d18dfb17c55bb786b3ba2c743

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/434550/

Dropped by

MD5 449941db7f6f1974a9e84dd2ffb09825

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/47521/

Dropped by

SHA256 b7842e1be9570c68703eb39f52108fb03cc55a110b3fa349852b9dc0d9ac08c6

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample