MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cac240e2759b45458ca45869ad55883a994e52972bc165e242917960f2d0877b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: cac240e2759b45458ca45869ad55883a994e52972bc165e242917960f2d0877b
SHA3-384 hash: f12891aaa2c9707497068d849a843ce12edb9dabf37dc93dd65ae03c87851da90cb608b081650cd6e101add08894fab8
SHA1 hash: 63526c3ab307c902e81f2c2681e21db89da85427
MD5 hash: f590e384897861fb9ecf4261aaf6db0c
humanhash: fillet-georgia-magazine-berlin
File name: COVID-19 VACCINE- CURE- UPDATE.Xlxs.iso
Signature: GuLoader
File size: 167'936 bytes
First seen: 2020-04-14 17:31:11 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 1536:fu/6JjOe+De4KIIi34l0spGGW6Ab+D7j+I1:fj8e4PcRt6SPP1
TLSH: F8F3A260B594BE61C8154EB16AB4DAE81823BD749DB02607B5CD3E1F3BB30E17B12B52
Reporter: abuse_ch
Tags: COVID-19 GuLoader iso


abuse_ch
COVID-19 themed malspam distributing GuLoader:

HELO: linux887.grserver.gr
Sending IP: 185.4.133.240
From: [ W.H.O ]WORLD HEALTH ORGANIZATION <worldhealthsupport@who.com>
Subject: W.H.O: COVID-19 VACCINE NOW READY FOR DISPATCH
Attachment: COVID-19 VACCINE- CURE- UPDATE.Xlxs.iso (contains "COVID-19 VACCINE- CURE- UPDATE.Xlxs.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1zcSB7nHWJ-EYvukNnOHdNlI5udPPlPPf

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Minix
Status: Malicious
First seen: 2020-04-14 17:35:23 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 19 of 31 (61.29%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    iso cac240e2759b45458ca45869ad55883a994e52972bc165e242917960f2d0877b (this sample)
      Dropping GuLoader

Delivery method: Distributed via e-mail attachment

Comments