MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ca34d9a6aa92b930fcce953051db0dfb743f7e16d8b7613ab69585521ab0a61b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: ca34d9a6aa92b930fcce953051db0dfb743f7e16d8b7613ab69585521ab0a61b
SHA3-384 hash: 500eedc1dcda8e5103653722d130374c5bd249956e3c7d3a4b8c090b1f76848db7b89035afa629ae1f90e4e363d0ba2e
SHA1 hash: c7c3b295e0fa9509e26b1eabf0099ccff10245da
MD5 hash: 1a31389fdf964de72884a3f85bc000db
humanhash: december-venus-blossom-twenty
File name: COVID-19 Güncellemesi - DHL Express Temel Etkinligi.gz
Signature: GuLoader
File size: 25'453 bytes
First seen: 2020-04-06 17:33:43 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 384:avjZLqiU6Ut9XKjZW888fhL8AP1L819tc8PyBzQLzYupr/bP/nnVNRglBD3pJVjQ:aLlq8s9+U8R3BCtdq6X/zzRglDJxOxW8
TLSH: FDB2E18DA200F508156E751A3F62DAF1DE5D36E3313E64D4116F252BF620E09A602F6F
Reporter: abuse_ch
Tags: AgentTesla COVID-19 geo GuLoader gz TUR


abuse_ch
COVID-19 themed malspam distributing GuLoader->AgentTesla in Turkey:

HELO: gateway23.websitewelcome.com
Sending IP: 192.185.50.164
From: DHL EXPRESS TR <noreply@dhl.com.tr>
Subject: COVID-19'u güncelleştirme - DHL Express TURKEY temel faaliyeti (COVID-19'u güncelleştirme - temel DHL Express TURKEY etkinliği)

GuLoader payload URL (dropping AgentTesla):
https://drive.google.com/uc?export=download&id=1RqrfHL79u2Jrzdx6a-OGCpNBS7jcU5UG

AgentTesla SMTP exfil email address:
bin2laden@yandex.com

Intelligence

File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-04-06 17:36:09 UTC
AV detection: 21 of 30 (70.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
gz ca34d9a6aa92b930fcce953051db0dfb743f7e16d8b7613ab69585521ab0a61b (this sample)
Dropping
GuLoader

Delivery method: Distributed via e-mail attachment

Comments