MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a30a49e74609381de58b009afb9859373674d7bc1bb749da837163dae8237d62. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: a30a49e74609381de58b009afb9859373674d7bc1bb749da837163dae8237d62
SHA1 hash: aa041977ae47ae0c7cd25654c610edc07e8aa8a7
MD5 hash: d4e1d8b28d77f220c0b7e0c5a60f0481
File name: Agrio.exe
Signature: GuLoader
File size: 98'304 bytes
First seen: 2020-05-22 15:05:58 UTC
Last seen: 2020-05-22 15:48:51 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f5510c4bae1c2f921d2aef0e9dabb304
ssdeep: 768:KzlkTsqw/ZiCZPGfqqaN7jWXI2CHG2bbctB5MyCldFyxxyn1BhUz8LDDnk9Va:mlk3wECZPtwI2Cm2/cMXBCUwa
TLSH: 2EA33A617654FD63C6320FF20A324558157BED3C1A444A0B70C93A2E7AB698EFE36397
Reporter: @abuse_ch
Tags: exe GuLoader


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: df-email-1.easy11.de
Sending IP: 134.119.8.69
From: DKV EURO SERVICE GmbH + Co. KG <warth@lieferanten-marktplatz.de>
Subject: AW: AW:Payment and Order Confirmation 29-04-20 INVOICE_20-613129926-001
Attachment: Rechnung.zip (contains "Agrio.exe")

GuLoader payload URL:
http://156.96.118.179/RAW-4-DAVdx_xtLnf95.bin

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 2
# of downloads: 31
Origin country: US
ClamAV: PUA.Win.Packer.ProtectSharewar-2, PUA.Win.Packer.ProtectSharewar-3
VirusTotal: 14.29%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    Executable exe a30a49e74609381de58b009afb9859373674d7bc1bb749da837163dae8237d62 (this sample)

Delivery method: Distributed via e-mail attachment

Comments