MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9099578cd8445c3215cc256f40bd04b4b83aaa3a0c3e9164441d114b3af802bc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9099578cd8445c3215cc256f40bd04b4b83aaa3a0c3e9164441d114b3af802bc
SHA3-384 hash: c0291ebe6e39df7b8702a58b06acf0436fd3f074aa93584301f13718a0411aeffc5c5c1ae9c4dfdf4d56cddfb87f312f
SHA1 hash: 04536d452e5fc862b69d8597bc2f5c1864ff48d0
MD5 hash: 4a392cffaac13c1b54624058db5e6d04
humanhash: cardinal-thirteen-stream-magazine
File name:P O 1105D.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:196'608 bytes
First seen:2020-05-28 07:35:25 UTC
Last seen:2020-05-29 08:40:18 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b2f5fa54b8bd89193538c3075513785f (1 x GuLoader)
ssdeep 3072:TO05FXEh6VpeOHCiG1ErSeyDNDxNtTpRI/u:TO0z0h6VA3DeyhD3tTU
Threatray 136 similar samples on MalwareBazaar
TLSH F6144D33B666CCA1D98544B4D8D1C8F92561BC18C9074E2BB6C07F2F76B6183AA73637
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mout-xforward.kundenserver.de
Sending IP: 82.165.159.9
From: info@ag-praevention.de
Subject: Re: New order 80636
Attachment: P O 1105D.zip (contains "P O 1105D.exe")

GuLoader payload URL:
http://156.96.118.179/AWELE-RAW_GTWfCx233.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Azorult
Create hunting rule
Link:
https://www.capesandbox.com/analysis/5841/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMDX.11466.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 08:35:06 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
22 of 31 (70.97%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0b1dbd3162f501371ca4d99f39e0ad1631ab1d9698bf19bdd45163319fc0310b
GuLoader
14ae7654cdca531998549d66f162a7d82ddf752289c6f599f3d2e8b7d5b918b4
GuLoader
15d5be42969f8c721f755e17bacdce7a02d12838134d441b1a99bcdee928bd85
GuLoader
1edf8c6bcf0ae2b38e9e28bcb1fd838c2ea35b5b126e4bc9e42daa2e1e722298
GuLoader
72da06afa192a25cd6794024139a257d5b19eed726763a9014fc8bb28f2f47db
GuLoader
8dd156ec1ebb073ea1d8f503df00c1d59a1751488284df32915cd5ba064f1312
GuLoader
a01fab213d5638b27a184eafedc18fbf43ef0dcd608e70bcd0ead3c506104611
GuLoader
cffb56dddf9b596328082781400f1b5a1d7a995719c78dbdcbe41b026c86010b
GuLoader
e1ef53521aed004fe790b232883a12cb5f241ead4c81718b08ac0150323563d4
GuLoader
ee86f083fdb8d5e2f4d1d609faf964fa08a01875bc0abb364aeb09bb83c35f8c
GuLoader
+ 126 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-a77k4h69ke/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 568ff1a3297bfbc3a8b9fa4bf2d281f7173fd3797fa9a174dd6a080e447c426f

GuLoader

Executable exe 9099578cd8445c3215cc256f40bd04b4b83aaa3a0c3e9164441d114b3af802bc

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369174/
  
Dropped by
MD5 7f6f47e754dd1013de5a75237de17859
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 568ff1a3297bfbc3a8b9fa4bf2d281f7173fd3797fa9a174dd6a080e447c426f
Cape
Cape
https://www.capesandbox.com/analysis/5841/

Comments