MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 59a887538638c619593f8c3ec00d50d271e44541be62ef59c9a1ba241a5655ac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Guildma

Vendor detections: 5

Intelligence 5 IOCs YARA 5 File information Comments

SHA256 hash:	59a887538638c619593f8c3ec00d50d271e44541be62ef59c9a1ba241a5655ac
SHA3-384 hash:	1aff3924acb2df223e98d922247d22db929e2a8937dc40175cc56bf12cac74e983bd72964fd5dd3baf57aa88437131b5
SHA1 hash:	00ec603f70c2eb0eb25c5d865d778ad6fa5926de
MD5 hash:	f2cbd998738a5e078aa0b184f3e0d625
humanhash:	fillet-nine-xray-fifteen
File name:	Assinar_PDF_3476.zip
Download:	download sample
Signature	Guildma Create hunting rule
File size:	3'777 bytes
First seen:	2024-12-16 18:59:35 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	96:EaGQG2DXnNebU07KOdYXUoOpKsInYEwimNZI5ASf:E0dGUO1GU5pWYEwim7I5xf
TLSH	T1B1715C66D0318464F03F48B7CD1E1387EBA7AD8F8801170E2FA0570047EF5D35AA9603
Magika	zip
Reporter	Brad_malware
Tags:	Astaroth guildma zip

Intelligence

File Origin

# of uploads :

# of downloads :

648

Origin country :

File Archive Information

This file archive contains 3 file(s), sorted by their relevance:

File name:	Assinar_PDF_3476.mov
File size:	2'136 bytes
SHA256 hash:	9ac5e8e9670cf086644c8eb7ce87d40b3e2251d3c548b0b9ea234bc009d24f4b
MD5 hash:	48af0b3ad657399e66453b389ca23640
MIME type:	text/plain
Signature	Guildma

File name:	Assinar_PDF_3476.htm
File size:	538 bytes
SHA256 hash:	41cc12ca339d50d4bbf8800e0461be9afd36ab3f683031e3051ca6f0e0fafa97
MD5 hash:	584f776bf10f107777e436914b6d1717
MIME type:	text/xml
Signature	Guildma

File name:	Assinar_PDF_3476.lNK
File size:	1'596 bytes
SHA256 hash:	a8ea46b922b219b53aeb91cf06a7e8a91331acaae324b6bf69ef74ea5bca14ce
MD5 hash:	e7ed93668f461bbbb9e8ea50360e6ada
MIME type:	application/octet-stream
Signature	Guildma

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Foxhole.Lnk_Zip_1.UNOFFICIAL

Sanesecurity.Malware.31283.LnkHeur.UNOFFICIAL

TwinWave.EvilLNK.AstarothHeadLikeAHole.20221019.UNOFFICIAL

TwinWave.EvilLNK.DefineMyName.20240425.UNOFFICIAL

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67607ac78fb73f13afce3cb1

Tags:

malware

Verdict:

Suspicious

Labled as:

Troj/LnkObf

Link:

https://www.hybrid-analysis.com/sample/59a887538638c619593f8c3ec00d50d271e44541be62ef59c9a1ba241a5655ac

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/59a887538638c619593f8c3ec00d50d271e44541be62ef59c9a1ba241a5655ac

Score:

Verdict:

Benign

File Type:

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	EXE_in_LNK Create hunting rule
Author:	@bartblaze
Description:	Identifies executable artefacts in shortcut (LNK) files.

Rule name:	High_Entropy_LNK Create hunting rule
Author:	@bartblaze
Description:	Identifies shortcut (LNK) file with equal or higher entropy than 6.5. Most goodware LNK files have a low entropy, lower than 6.

Rule name:	Script_in_LNK Create hunting rule
Author:	@bartblaze
Description:	Identifies scripting artefacts in shortcut (LNK) files.

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Distributed via e-mail link

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample