MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4219ea9690a8264a7d85b81334d313e6a8a1a41a3d63cbadfabf1e7f37516881. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 4219ea9690a8264a7d85b81334d313e6a8a1a41a3d63cbadfabf1e7f37516881
SHA3-384 hash: bd4c152ff08e4dd5bcba48ae65eeb8b5240eb08c62b70328cd42989ec62677a12028eef073d7419efcdf45ab2f440a78
SHA1 hash: 1216b768968663c889e2f0feae85802526007f89
MD5 hash: b4af9ae0adc403e0f5d98169abf5053d
humanhash: kitten-failed-mobile-papa
File name: product list.pdf.gz
Download: download sample
Signature: GuLoader
File size: 24'363 bytes
First seen: 2020-04-01 10:28:17 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 384:u0v4DA2EQH+xJfnKSM7/Cg1o7gmCfhek0tgsJ6qTtmvYa2kj8qZcpswawHNaMWOi:u0v4DA2Wx9KacolTk0tGqTtmv+qZcps/
TLSH: B3B2F19E3CB2FF19D9742299C1A57C77442BF389BDD1913B39AF40A13250D8DA46F181
Reporter: abuse_ch
Tags: COVID-19 GuLoader gz

abuse_ch
COVID-19 themed malspam distributing GuLoader->AgentTesla:

HELO: goldmedicalsupplies.com
Sending IP: 209.58.149.66
From: Sheila Conley <info@goldmedicalsupplies.com>
Subject: URGENT NEED: U.S. Department of Health & Human Services/COVID-19 Face Mask/ Forehead thermometers
Attachment: product list.pdf.gz (contains "product list.pdf.exe")

GuLoader payload URL (AgentTesla):
https://onedrive.live.com/download?cid=AE80108520D75992&resid=AE80108520D75992%21108&authkey=AAVaAf29YqFJ4Z0

AgentTesla SMTP exfil server:
smtp.1and1.es:587 (212.227.15.158)

Intelligence

File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-04-01 02:30:00 UTC
AV detection: 18 of 31 (58.06%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments