MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 04f1d85359b1f2a91da1cbaf29c0dc00a838e69c018a95bda951cff1c482bfa5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 04f1d85359b1f2a91da1cbaf29c0dc00a838e69c018a95bda951cff1c482bfa5
SHA3-384 hash: de12ff8025155499fadae05abe79321da175ad100a0eb42c7f701251ed95d1e09f73f2eeec667df9a8218a029d44126a
SHA1 hash: dd0817c0fc509b1c37c068c16044cc99c89902de
MD5 hash: 9a14e0d4839a2a142866ea54108e1e74
humanhash: sodium-victor-floor-nevada
File name:Memo _ Circular.com
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 16:41:27 UTC
Last seen:2020-05-27 17:49:49 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 8aab61e6cd91d873b179ec1017c92ad2 (1 x GuLoader)
ssdeep 1536:AlIaz88yOw2udbmeforg+GjU8iip5PRe2:64Ow2MbYf8dJF
Threatray 255 similar samples on MalwareBazaar
TLSH 47B3F8137DD84CB6F9759F712D7289A51C32BD383A210B833644FB9E293668E749131B
Reporter abuse_ch
Tags:com GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: victim-domain
Sending IP: 193.142.58.27
From: victim-email
Reply-To: admin <wiz2018@bk.ru>
Subject: Latest Company Memo / Circular
Attachment: attachments.zip (contains "Memo _ Circular.com")

GuLoader payload URL:
http://windcomtechnologies.com/wizzymax@pakcountrysecurity_wUPewkknfV91.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5718/
Detection(s):
SecuriteInfo.com.Variant.Jaik.40167.22566.14535.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 07:59:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
GuLoader
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
443bc33e9d28fddd4229367cde23085b8d57549093ce8e991eb4753ce58c85fe
GuLoader
82621455e0c9ed9c46f6947beeaf2c5a6962a035eea50b337fad6368b5a6485b
GuLoader
82bb3e9ec03f5237ed521effee5b1825b59e31be522e71a05c129676e60839ee
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
dda25996ab5b78fa63ab71aa304360374fe2eb6ded670c778b2c69d9fa1f1e40
GuLoader
e6424f9012e6a4baa96bb4fff1ba8a3a85f0b2565218e848f30492eedc7fda51
GuLoader
e76ee0db44278c0742805ce66786923629cad847ee8c650214a36a1ebda37c69
GuLoader
ef8f03a25087eeab581d8439a0a19ba7148270d2210d479c1d6867fac69dc813
GuLoader
+ 245 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-jbmt45k4d2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 878127705f8419c3e06a02a7e00fd4dceadf183b917b2fc3a39d1c4e4df7955e

GuLoader

Executable exe 04f1d85359b1f2a91da1cbaf29c0dc00a838e69c018a95bda951cff1c482bfa5

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/367439/
  
Dropped by
MD5 df73ab050b891ba2bf3abb043e25eabf
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 878127705f8419c3e06a02a7e00fd4dceadf183b917b2fc3a39d1c4e4df7955e
Cape
Cape
https://www.capesandbox.com/analysis/5718/

Comments