MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 100ff377cfec636117efb72fc15f3c5ff5a7c1df0550b94db14659ee06c4f357. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 100ff377cfec636117efb72fc15f3c5ff5a7c1df0550b94db14659ee06c4f357
SHA3-384 hash: f993850568599af0877826e1185e5075a3b333b49754649315278cba7044a6b4200f9b06956946689b05716888fe82ac
SHA1 hash: bd56dda2a6d809285c5f94e15c6e18e5e5183dab
MD5 hash: 8912ae2f6192a022c497223ae116fff1
humanhash: robert-nitrogen-victor-chicken
File name: noCONVIDcrisis.zip
Download: download sample
Signature: GuLoader
File size: 24'964 bytes
First seen: 2020-04-01 09:58:08 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:6pIh5+awRuAQVAj18BP4mkovtDRjV9j9ttWJ0N44doZDrC0:6pCcawgzAGtD1j9DWaKE0
TLSH: 0FB2F17CD247ADE1E5625670E0E10EEB05C6CE0ACD9D981504F7EB7533334A62539ABC
Reporter: abuse_ch
Tags: COVID-19 GuLoader zip


abuse_ch
COVID-19 themed malspam distributing GuLoader with unknown payload:

HELO: smtp02-sa.serv.net.mx
Sending IP: 201.150.39.118
From: eduardo.rendon@ayco.com.mx
Subject: RV: Declaración de Ayco (COVID-19)
Attachment: noCONVIDcrisis.zip (contains "noCONVIDcrisis.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=194ObVOedG5e1zZBqiDQ08ML7VN_8Ph8g

Final payload is unknown, but beacons to posit.monster:
http://posit.monster/luci/Panel/lucifer/gate.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-04-01 08:25:11 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 22 of 47 (46.81%)
Threat level: 2/5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments