MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 533d468a0feb495dc12aa8d399844ebdb03c56eab5b04fbdadc4fa65c68138cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 533d468a0feb495dc12aa8d399844ebdb03c56eab5b04fbdadc4fa65c68138cf
SHA3-384 hash: 16530eb4464dbbb1c7659d8d9ccba4a2e36eb00333b990f7b031cbe6e364d11cf9a3da0cca6a8c68d664dd84f71aa853
SHA1 hash: 3b8625d518c5be5fcf617e06e14d584145d88290
MD5 hash: 742af44a98bb358463a97e51c8d54fad
humanhash: gee-low-sink-fish
File name: purchase list.pdf.gz
Signature: GuLoader
File size: 24,932 bytes
First seen: 2020-03-30 16:40:11 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 384:zIBGhKj35SR8cAcDPkyOrkMdqTBPvdIM3T/26TL2icN9cv12C2fLOA:sYhKMx3PrGIBPvaL6u/gd2C2jOA
TLSH: 78B2E170EBC7C1FBAA5DFCB797825A57938A2178084E453608AC8350168CE7397D6B1E
Reporter: abuse_ch
Tags: COVID-19, GuLoader, gz


abuse_ch
COVID-19 malspam campaign distributing GuLoader->AgentTesla:

HELO: hhs.gov
Sending IP: 209.58.149.66
From: Sheila Conley <sheila.conley@hhs.gov>
Subject: URGENT NEED: U.S. Department of Health & Human Services/COVID-19 Face Mask/ Forehead thermometers
Attachment: purchase list.pdf.gz (contains "purchase list.pdf.exe")

GuLoader payload URL (AgentTesla):
https://onedrive.live.com/download?cid=7A5E689DD1DC641F&resid=7A5E689DD1DC641F%21107&authkey=AE9g4jRbU5iqkJ8
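As an added example, not code from MalwareBazaar or abuse.ch, the Python script below performs the triage an analyst would run on an attachment like the one in the report above before detonating it: identify the container by its magic bytes rather than trusting the extension (this entry pairs a .gz file name with an application/x-rar MIME type), recover the member name from the gzip header and flag double-extension lures such as "purchase list.pdf.exe", look for a PE header inside the archive, and hash the bytes for IOC matching. It goes a little beyond the single .gz case on this page by also walking zip members. The demo archive it builds is constructed for the example and its hashes will not match the entry; KNOWN_SHA256 is the hash listed on this page; every function and constant name is the example's own.

```python
"""Triage of an e-mailed archive attachment. Added example, not
MalwareBazaar or abuse.ch code. The demo attachment built below is
constructed; its bytes and hashes are not those of the real sample."""
import gzip
import hashlib
import io
import zipfile
from typing import Dict, List, Optional, Tuple

# Leading-byte signatures of the containers this script recognises.
MAGIC: Dict[bytes, str] = {b"\x1f\x8b": "gzip", b"Rar!\x1a\x07": "rar", b"PK\x03\x04": "zip"}
# What the outer file extension claims the container is.
EXT_TO_KIND = {"gz": "gzip", "tgz": "gzip", "rar": "rar", "zip": "zip"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "jse", "wsf", "hta"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
# SHA256 listed on this MalwareBazaar entry; used only for IOC matching.
KNOWN_SHA256 = "533d468a0feb495dc12aa8d399844ebdb03c56eab5b04fbdadc4fa65c68138cf"


def sniff_container(data: bytes) -> str:
    """Identify the container from its leading bytes, not its extension."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def gzip_member_name(data: bytes) -> Optional[str]:
    """Return the FNAME field of a gzip header (RFC 1952), or None.
    Python's gzip module discards it on read, so parse it by hand: 10-byte
    fixed header, optional FEXTRA block, then the NUL-terminated FNAME."""
    if len(data) < 10 or not data.startswith(b"\x1f\x8b"):
        return None
    flags, pos = data[3], 10
    if flags & 0x04:  # FEXTRA: 2-byte little-endian length, then payload
        pos += 2 + int.from_bytes(data[pos:pos + 2], "little")
    if not flags & 0x08:  # FNAME absent
        return None
    return data[pos:data.index(b"\x00", pos)].decode("latin-1")


def is_double_extension_lure(name: str) -> bool:
    """True for names like 'invoice.pdf.exe': decoy extension, then executable."""
    parts = name.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[1] in DECOY_EXTS and parts[2] in EXEC_EXTS


def archive_members(data: bytes, kind: str, outer_name: str) -> List[Tuple[str, bytes]]:
    """(member name, first two bytes) for gzip and zip. RAR is reported but
    not opened: that needs a third-party library, and a triage script should
    be able to raise a flag without one."""
    if kind == "gzip":
        name = gzip_member_name(data) or outer_name.rsplit(".", 1)[0]
        return [(name, gzip.decompress(data)[:2])]
    if kind == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [(i.filename, zf.open(i).read(2)) for i in zf.infolist() if not i.is_dir()]
    return []


def triage(attachment_name: str, data: bytes) -> dict:
    """Run all checks and return a report; 'suspicious' summarises the findings."""
    kind = sniff_container(data)
    claimed = EXT_TO_KIND.get(attachment_name.rsplit(".", 1)[-1].lower())
    findings: List[str] = []
    if claimed and claimed != kind:
        findings.append(f"extension claims {claimed} but magic says {kind}")
    members = archive_members(data, kind, attachment_name)
    for name, head in members:
        if is_double_extension_lure(name):
            findings.append(f"double-extension lure: {name}")
        elif name.lower().rsplit(".", 1)[-1] in EXEC_EXTS:
            findings.append(f"executable member: {name}")
        if head == b"MZ":
            findings.append(f"PE header inside archive: {name}")
    sha256 = hashlib.sha256(data).hexdigest()
    return {"container": kind, "members": [n for n, _ in members],
            "sha256": sha256, "md5": hashlib.md5(data).hexdigest(),
            "known_ioc": sha256 == KNOWN_SHA256,
            "findings": findings, "suspicious": bool(findings)}


def build_demo_attachment() -> bytes:
    """Constructed lookalike of the reported attachment: a gzip whose header
    names 'purchase list.pdf.exe' and whose content starts with an MZ stub."""
    stub = b"MZ" + b"\x90" * 62 + b"demo stub, not a real PE"
    buf = io.BytesIO()
    with gzip.GzipFile(filename="purchase list.pdf.exe", mode="wb", fileobj=buf) as gz:
        gz.write(stub)
    return buf.getvalue()


if __name__ == "__main__":
    for key, value in triage("purchase list.pdf.gz", build_demo_attachment()).items():
        print(f"{key}: {value}")
    # A .gz name over RAR magic, mirroring the MIME/extension mismatch on this entry.
    print(triage("list.pdf.gz", b"Rar!\x1a\x07\x00" + bytes(32))["findings"])
```

Two design points worth noting: the standard gzip module reads past the FNAME header field without exposing it, so the member name (the only place a .gz lure can carry "purchase list.pdf.exe") has to be parsed from the raw header; and an archive whose extension and magic disagree is flagged on its own, without needing to unpack it, which is exactly the case a .gz name over RAR bytes would present.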

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-03-30 15:32:18 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 19 of 31 (61.29%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments