MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4f0f104299369b56354ff801426027cb3a4e1fa6a0ddfb4b2beba09b0b6a4db8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4f0f104299369b56354ff801426027cb3a4e1fa6a0ddfb4b2beba09b0b6a4db8
SHA3-384 hash: 5fd75d1adcc232e5e0cfe31bfedde50cb2fbc3b0dae363feefed7848864474d9ba023facc230881e528173723e521b33
SHA1 hash: 85b2f4b6a7193a9fa8b8f47784d4cab85f4c90a9
MD5 hash: 1f0d82294c833434c600d5ada299e88c
humanhash: kentucky-fourteen-ack-kansas
File name:Glandsenkind.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-26 08:57:45 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a3d78209cdf96a2bb445f0a5cbe75d00 (1 x GuLoader)
ssdeep 1536:VqvgGUTCch6jfNRXdlsbBGiHoyLIsMg8jFjH:QvghjhaNBdl3OLJM1
Threatray 5'119 similar samples on MalwareBazaar
TLSH DBB3090379D86DF3ED344FB154748AA02D77EC259D804E073641FB2E98B7ACD24A879A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: disgol.vservers.es
Sending IP: 188.164.197.117
From: Administracion <info@fedizseguros.com>
Reply-To: info@fedizseguros.com
Subject: Facturas
Attachment: FR-3000892.zip (contains "Glandsenkind.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=15z3IU3YsgsTctUge2aPmPCuWbtlJ2C7t

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5658/
Detection(s):
Win.Malware.Guloader-7900546-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 09:36:52 UTC
AV detection:
21 of 30 (70.00%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
172842029f8937753e79843e36fcb4715c0f3a9de4b256585847df48caf8e10f
GuLoader
2084e95f6624b243760b5ac8e5f486168a84a08cb0d71b285f01720ebd77ee8f
GuLoader
3490dfb2560aed5d468605fbba8d770eeee2a336de3fd7e4a18f22afcad5bc44
GuLoader
9570f894ec4059802c7b154a4b4dba22a57229a780b375c74a8a3107d9125bb4
GuLoader
9d545cae8b73e11800aaf794b2919bb8972511e4e217eaf1a51c3f38c17bb412
GuLoader
aa00f82fb3dd04417a278bc9362becdf39fcb3e4e23893327e16a8792334635f
GuLoader
bbbfb4d66a6d1ff1fb9f476cc8607a2a0b1a0bb27bdaba095a3715489d8e4315
GuLoader
bc7549c1281f3ce45abcaad7408522374c97421e9031998b7959bd5e59b27a93
GuLoader
de4c63e318ebc447867be364c7a8d9250674a6449935a2eb12fae89543520485
GuLoader
f9389b3ae99666514bbe467217ebd46597e6d2e919f105697a152afe1da73e18
GuLoader
+ 5'109 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-v1l61qn4en/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 1c14116bd7441df6b840975278ac569beee3dae4d88df99e89c3e0ae21777273

GuLoader

Executable exe 4f0f104299369b56354ff801426027cb3a4e1fa6a0ddfb4b2beba09b0b6a4db8

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368751/
  
Dropped by
MD5 e56b283a0db76a186cd31aa30643d06d
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 1c14116bd7441df6b840975278ac569beee3dae4d88df99e89c3e0ae21777273
Cape
Cape
https://www.capesandbox.com/analysis/5658/

Comments