MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1c14116bd7441df6b840975278ac569beee3dae4d88df99e89c3e0ae21777273. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 2

SHA256 hash: 1c14116bd7441df6b840975278ac569beee3dae4d88df99e89c3e0ae21777273
SHA3-384 hash: fdac1f77318d3a72cce455109aa4fa795ac7615cd5cced11227c524199b86552cef30fe9b2d440f85f4e0d6cf520b935
SHA1 hash: 00d7a334c1c01a5c2c1376fd264a95b2e5cc1bbc
MD5 hash: e56b283a0db76a186cd31aa30643d06d
humanhash: artist-ceiling-alabama-georgia
File name: FR-3000892.zip
Signature: GuLoader
File size: 29'781 bytes
First seen: 2020-05-26 08:57:42 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:E1bmyFc0oHcxjiH/g0zp7zPxDZfuhvduv4Ls49seb1va:ElePPg0zp7zxkvdu6V9py
TLSH: C0D202584FD26AC0984DD6AC5BC734BEB9B0652A39961B7DD32B99DDC980C03326B302
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: disgol.vservers.es
Sending IP: 188.164.197.117
From: Administracion <info@fedizseguros.com>
Reply-To: info@fedizseguros.com
Subject: Facturas
Attachment: FR-3000892.zip (contains "Glandsenkind.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=15z3IU3YsgsTctUge2aPmPCuWbtlJ2C7t

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-26 09:36:44 UTC
AV detection: 17 of 48 (35.42%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    zip 1c14116bd7441df6b840975278ac569beee3dae4d88df99e89c3e0ae21777273 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment
