MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a081efb333a23c2226e1faee6e737fe750ed8659ec67535637d8b4653436c02. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 4a081efb333a23c2226e1faee6e737fe750ed8659ec67535637d8b4653436c02
SHA3-384 hash: 2a18887e7a51807d1e648eb5418f6044448e9a47da993f81ab24c2bc1b9e83b73e5b2d498529efab491e0ca5c99f77ea
SHA1 hash: c3e0ff9559e2454af4cda43aba2c9200679f34dd
MD5 hash: f0d352d3a09e3de53984a235e30ee45c
humanhash: freddie-double-thirteen-pasta
File name: Health-E-book·pdf.zip
Signature: GuLoader
File size: 26'192 bytes
First seen: 2020-03-31 07:24:18 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 384:ljPXfw9E8ZOLQ2WpK+V/wP02w/MGPgnY6xsRi4rbdq/X5MNaPlDFqL0:BKkWTEeNPoY6uRiebdC5uaPlDFqY
TLSH: 59C2E0E2E239A463DF280EEE787B47FC4E15BF981B925476C1815A560A460F9E50E0E2
Reporter: abuse_ch
Tags: COVID-19 GuLoader zip


abuse_ch
COVID-19 malspam campaign distributing GuLoader->AveMariaRAT:

HELO: server.yafuzsport.com
Sending IP: 148.251.119.5
From: WHO: World Health Organization <who_advise@who.int>
Subject: Alerting Consumers
Subject: Latest corona-virus updates
Attachment: Health-E-book·pdf.zip (contains "Health-E-book·pdf.exe")

GuLoader payload URL (AveMariaRAT):
https://drive.google.com/uc?export=download&id=1UD-IOEF5ULeY9fkl5xhHtxtQfDR6SbIJ
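Added example, not part of the MalwareBazaar entry or of the reporter's comment: a small Python triage helper that hashes a candidate file and compares it with the SHA256 listed in this entry, and, when the file is a zip, looks inside it in memory (nothing is extracted to disk) for the trick this attachment uses, where the middle dot in "Health-E-book·pdf.exe" makes a Windows executable read as a PDF. The zip it builds is constructed here with a two-byte MZ stub in place of the real payload; the extension lists, the list of dot lookalikes, the per-member size cap and all function names are assumptions of this example.

```python
import hashlib
import io
import zipfile

# SHA256 of the zip container as listed in this MalwareBazaar entry.
ENTRY_SHA256 = "4a081efb333a23c2226e1faee6e737fe750ed8659ec67535637d8b4653436c02"

# Assumed lists (not from the page): extensions Windows will execute, and
# document/image extensions that attackers like to fake in front of them.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".hta", ".jar"}
DOC_WORDS = ("pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png")

# Characters a reader takes for "." at a glance. U+00B7 (middle dot) is the
# one used in "Health-E-book·pdf.exe"; the others are assumed lookalikes.
DOT_LOOKALIKES = "\u00b7\u2022\u2024\u2027\u30fb\uff0e"

# Assumed cap: refuse to inflate any single member beyond this so a crafted
# archive cannot exhaust memory during triage.
MAX_MEMBER_BYTES = 50 * 1024 * 1024


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def disguised_name(name: str) -> bool:
    """True if the name fakes a document extension: a document word glued on
    with a dot lookalike (book·pdf.exe), or a real executable extension after
    a document extension (invoice.pdf.exe)."""
    base = name.rsplit("/", 1)[-1].lower()
    if any(ch + word in base for ch in DOT_LOOKALIKES for word in DOC_WORDS):
        return True
    parts = base.split(".")
    return len(parts) >= 3 and parts[-2] in DOC_WORDS and "." + parts[-1] in EXEC_EXTS


def inspect_zip(zip_bytes: bytes) -> list:
    """Describe each member of an in-memory zip without writing it to disk."""
    members = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.rsplit("/", 1)[-1]
            ext = ("." + base.rsplit(".", 1)[-1].lower()) if "." in base else ""
            record = {
                "name": info.filename,
                "exec_ext": ext in EXEC_EXTS,
                "disguised": disguised_name(info.filename),
                "declared_size": info.file_size,
                "sha256": None,      # stays None for members over the size cap
                "pe_magic": False,
            }
            if info.file_size <= MAX_MEMBER_BYTES:
                data = zf.read(info)
                record["sha256"] = sha256_hex(data)
                record["pe_magic"] = data[:2] == b"MZ"   # DOS/PE header magic
            members.append(record)
    return members


def triage(blob: bytes) -> dict:
    """Hash the container, compare it with the entry's IOC, and flag any
    member that is an executable dressed up as a document."""
    result = {"sha256": sha256_hex(blob), "matches_entry": False, "members": [], "verdict": "clean"}
    result["matches_entry"] = result["sha256"] == ENTRY_SHA256
    if zipfile.is_zipfile(io.BytesIO(blob)):
        result["members"] = inspect_zip(blob)
    if result["matches_entry"] or any(
        m["exec_ext"] or m["pe_magic"] or m["disguised"] for m in result["members"]
    ):
        result["verdict"] = "suspicious"
    return result


def build_constructed_sample() -> bytes:
    """Constructed stand-in for the reported attachment: same member name,
    but the body is an MZ stub plus filler, not the real payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Health-E-book\u00b7pdf.exe", b"MZ" + b"\x00" * 62 + b"constructed stub")
    return buf.getvalue()


if __name__ == "__main__":
    report = triage(build_constructed_sample())
    print("container sha256:", report["sha256"], "matches entry:", report["matches_entry"])
    for m in report["members"]:
        print(m["name"], "exec_ext=%s pe_magic=%s disguised=%s"
              % (m["exec_ext"], m["pe_magic"], m["disguised"]))
    print("verdict:", report["verdict"])
```

To run it against a real download, pass `open(path, "rb").read()` to `triage()`. The listed SHA256 is the hash of the zip container, so it will never equal a member's hash; the constructed zip above of course does not match the entry either, and is flagged on the member name and MZ magic alone. The name check is a heuristic for this particular disguise, not a replacement for AV or sandbox verdicts.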

Intelligence


File Origin
# of uploads: 1
# of downloads: 86
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-03-31 07:35:41 UTC
AV detection: 24 of 47 (51.06%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as its delivery method and external references.

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
