MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 42935c265d012ac561ef7f47446425ae8a430afa20d4065538533d98ef5ece98. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 42935c265d012ac561ef7f47446425ae8a430afa20d4065538533d98ef5ece98
SHA3-384 hash: 41c4295899eb7034466aaebfe1e7a0ae9e38377019673388e37e8bbbcf4fd59a25f62a0dff9d3a9999987138cb3addc7
SHA1 hash: 87a2c148271cf7bd9586a8af07d1e2ad69fa1cbd
MD5 hash: 053e5e0b3b43bd65ac1c8637d5e1ab32
humanhash: blue-butter-north-cold
File name: Covid19 guideline.rar
Signature: GuLoader
File size: 39'744 bytes
First seen: 2020-03-30 11:41:47 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:dfPFV059oMRed0X/r3GuKDc6oh+7FdWPuvFIFoYt9Y6IdRqRtULsuUZf:xT0fFjXCO6K+7FQPu9I1YZqROLsf
TLSH: AA03F1658B2B1CE96B814DB521EED35415CEEA80DDF63B50CC44E3EE7AC1C46807AB86
Reporter: abuse_ch
Tags: COVID-19 GuLoader rar


abuse_ch
COVID-19 themed malspam distributing AgentTesla:

HELO: ns1.mt-admin.pw
Sending IP: 64.227.16.83
From: Admin<admin@hamptonsteel.co.uk>
Subject: Re: Important COVID-19 Working Procedures
Attachment: Covid19 guideline.rar (contains "Covid19 guideline.exe")

GuLoader payload URL (AgentTesla):
https://drive.google.com/uc?export=download&id=1lMCSSp7lD50F8ujmhURcjsUMMmkzh7Tw

AgentTesla SMTP exfil server:
mail.sjosepneus.com:587 (188.93.231.97)

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-03-29 14:20:20 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 28 of 46 (60.87%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments