MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 95185504d87dbcfd6df6b45e4bfc16e1ed47ab79de52904205f73ae73103c1fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 95185504d87dbcfd6df6b45e4bfc16e1ed47ab79de52904205f73ae73103c1fe
SHA3-384 hash: 5e9febe37ce8e9467deeb52d9800ef9e34110a7a480f4485ae77e8c5382ac32cb4bbfba4fc3c06457300ca9d48ee6203
SHA1 hash: b99296225ef0a4c8f918a058f14fe5d4a65c0cc0
MD5 hash: c6e5ed0d8713925e4ccf439110dd226d
humanhash: east-delaware-chicken-carpet
File name:KN95 face mask,disposable mask,forehead thermometer,COVID-19 Products pdf.rar
Download: download sample
Signature GuLoader
Create hunting rule
File size:51'197 bytes
First seen:2020-04-22 12:11:38 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 768:GWgGOvBif7SPtaitpaap6h/s/Id4zJ5fbH/rkIxGaIEYSDNslGvNJzkQA041267/:ntOwDSj0ap6Zi5DHIOGazTVJoT
TLSH B63302AF9DCDFC625370C1348C38AA9375C5CC2C82B32A94111856B7B99963B1F22F57
Reporter abuse_ch
Tags:COVID-19 GuLoader rar


Avatar
abuse_ch
COVID-19 themed malspam distributing GuLoader:

HELO: sau-f9894-or.servercontrol.com.au
Sending IP: 118.127.60.69
From: ruth.mugofwa@halisifamily.hospital
Subject: KN95 face mask,disposable mask,forehead thermometer,COVID-19 Products
Attachment: KN95 face mask,disposable mask,forehead thermometer,COVID-19 Products pdf.rar (contains "KN95 face mask,disposable mask,forehead thermometer,COVID-19 Products pdf.bar")

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Androm
Create hunting rule
Status:
Malicious
First seen:
2020-04-22 12:35:30 UTC
AV detection:
18 of 31 (58.06%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=sumfkbgypw6p23pwwrpex7aw4hwupk3z3zjjaqqf645oomidyh7a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 95185504d87dbcfd6df6b45e4bfc16e1ed47ab79de52904205f73ae73103c1fe

(this sample)

GuLoader

Executable exe 8f6c9e3fe48707ed0446a2c90af1d3f6b10aab25b7cb60e78dda89f25b689cd3

  
Dropping
MD5 87a19a7d78c367b363af015fc299c927
  
Dropping
SHA256 8f6c9e3fe48707ed0446a2c90af1d3f6b10aab25b7cb60e78dda89f25b689cd3
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8f6c9e3fe48707ed0446a2c90af1d3f6b10aab25b7cb60e78dda89f25b689cd3

Comments