MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 988a37fbce9f6bbe0c3fd0de3e54f91e43b4d08f348e8be415c5ffbe962d94d4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 2



SHA256 hash: 988a37fbce9f6bbe0c3fd0de3e54f91e43b4d08f348e8be415c5ffbe962d94d4
SHA3-384 hash: 9fa71c9bfbb71dfc073bdfe3d218158844fbcfcdd6c05b21103eec2609762a1008083e5f2a191e29d7ecfab47381aa46
SHA1 hash: 018af18f85231d440ffddb7681a7c798118c3e1d
MD5 hash: 3eb7bda3bbc459a296730d66504b5147
humanhash: harry-pizza-louisiana-jig
File name: facturas.PDF.ace
Signature: GuLoader
File size: 22'884 bytes
First seen: 2020-05-22 09:56:10 UTC
Last seen: Never
File type: ace
MIME type: application/x-rar
ssdeep: 384:+EM/m3qPcqLMegYX0+Zonm4utNS57teGTUVWgFSOEyxGTpHpJCE95xq+ef70MxW4:7qFvX0Rme57teJFS9v7qVBF
TLSH: 64A2D067257918EE723E8F6524FB3CA59F83627EE5D24B1A33ED029AC5D1011E99023C
Reporter: abuse_ch
Tags: ace GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: hosting-a01.descom.es
Sending IP: 54.194.66.61
From: Cristina Garfagnoli <cgarfagnoli@duran.com.ar>
Subject: verifique las facturas
Attachment: facturas.PDF.ace (contains "facturas.PDF.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1KPWTH-gVU9tAW-5ixHEH5k9GQKEgef9J

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-22 10:37:03 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 22 of 48 (45.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

ace 988a37fbce9f6bbe0c3fd0de3e54f91e43b4d08f348e8be415c5ffbe962d94d4

(this sample)

  
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
