MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 acd0bf290ff756a624b8256baa018e98b4c461dcbd653e940b1d895bdeb1b561. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: acd0bf290ff756a624b8256baa018e98b4c461dcbd653e940b1d895bdeb1b561
SHA3-384 hash: e235fcb50e8ac6507213209cb76670febfdcae48726dac16c29f0db19880dbee8bf5b875469e013edba30aa75047b179
SHA1 hash: 6334a90a04cfa553e293cdfd885ec443b5d42b71
MD5 hash: 21a8dc04d78957654fe3fff6eebf5270
humanhash: twelve-kansas-salami-magazine
File name:proforma invoice.zip
Download: download sample
Signature GuLoader
Create hunting rule
File size:26'000 bytes
First seen:2020-04-05 17:01:49 UTC
Last seen:2020-04-06 06:29:56 UTC
File type: zip
MIME type:application/zip
ssdeep 768:QFwuUfalCgrZytRVCFgv/NsiF/a7CNKdPH/wiH:xjalCgrZytR+q/xFe8MH/lH
TLSH A7C2F03B5D818330A6FBFC323C8FBD41F2864D636C4D955B592892E36E96631B60270C
Reporter abuse_ch
Tags:COVID-19 GuLoader zip


Avatar
abuse_ch
COVID-19 themed malspam distributing GuLoader:

HELO: osakastainless.com
Sending IP: 103.99.1.149
From: Accounts <alt@osakastainless.com>
Subject: PROFORMA INVOICE 5974080 - RE: PO 019273682
Attachment: proforma invoice.zip (contains "proforma invoice.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1pEWWpbrZj-EhKgofuDAN34KdGhRFb8ns

Intelligence

File Origin
# of uploads :
2
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Minix-7652403-0
Create hunting rule

Sanesecurity.Malware.23890.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-04-05 11:27:25 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
21 of 47 (44.68%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vtil6kip65lkmjfyevv2uamotc2miyo4xvst5faldwevxxvrwvqq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip acd0bf290ff756a624b8256baa018e98b4c461dcbd653e940b1d895bdeb1b561

(this sample)

GuLoader

Executable exe a16deb69d9cd6cf259639a9584dbe98c0bc73395559f9afef7d9dc2784bb803c

  
URLhaus
https://urlhaus.abuse.ch/url/335199/
  
Dropping
MD5 1dc262d2ef81acaadbdcb9b423dd86af
  
Dropping
SHA256 a16deb69d9cd6cf259639a9584dbe98c0bc73395559f9afef7d9dc2784bb803c
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a16deb69d9cd6cf259639a9584dbe98c0bc73395559f9afef7d9dc2784bb803c

Comments