MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e91166f7f455a595f6a94ee26a06a1e391e9c2ca48cb50577fdf443bc51fa92. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 8e91166f7f455a595f6a94ee26a06a1e391e9c2ca48cb50577fdf443bc51fa92
SHA3-384 hash: 69a0a20b192c77d1e158457dcf2e755f62eb6f8c7efa35e7cdb9cf5292c9b1d506282409f29aaa472071ad32366a1dd9
SHA1 hash: 7977f883f69a521843ed4ab568483d4cbcd175f0
MD5 hash: 82278f109ee52994973867b3a5f83a28
humanhash: hotel-rugby-avocado-red
File name: Covid-19 specification sheets.arj
Signature: GuLoader
File size: 26'199 bytes
First seen: 2020-04-13 17:40:20 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 384:3GeicOYAUBOpDp3Ztij7xujgptb6xaG4DLq6RKwtazhTSVbaKkgYbJJSy:kYAgetA1ujgptb6Mo0Oh6OK63
TLSH: 64C2E19AB9DBC244C7813744F48196BFB5821548FC8323771FACA2C1D7EB91A91D26F1
Reporter: abuse_ch
Tags: arj COVID-19 GuLoader


abuse_ch
COVID-19 themed malspam distributing GuLoader->AgentTesla:

HELO: srv3.hostingafull.com
Sending IP: 198.46.134.157
From: tamas.szuts@propharma.hu
Subject: COVID-19(Coronavirus)products
Attachment: Covid-19 specification sheets.arj (contains "Covid-19 specification sheets.bat")

GuLoader payload URL (AgentTesla):
https://drive.google.com/uc?export=download&id=1cnKgO1WC_XGRP2u0VspZs1LTWO_DvI_U

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 82
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareitvb
Status: Malicious
First seen: 2020-04-13 18:35:27 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 14 of 45 (31.11%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

arj 8e91166f7f455a595f6a94ee26a06a1e391e9c2ca48cb50577fdf443bc51fa92 (this sample)
