MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 988a37fbce9f6bbe0c3fd0de3e54f91e43b4d08f348e8be415c5ffbe962d94d4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 988a37fbce9f6bbe0c3fd0de3e54f91e43b4d08f348e8be415c5ffbe962d94d4
SHA1 hash: 018af18f85231d440ffddb7681a7c798118c3e1d
MD5 hash: 3eb7bda3bbc459a296730d66504b5147
File name: facturas.PDF.ace
Signature: GuLoader
File size: 22'884 bytes
First seen: 2020-05-22 09:56:10 UTC
Last seen: Never
File type: ace
MIME type: application/x-rar
ssdeep: 384:+EM/m3qPcqLMegYX0+Zonm4utNS57teGTUVWgFSOEyxGTpHpJCE95xq+ef70MxW4:7qFvX0Rme57teJFS9v7qVBF
TLSH: 64A2D067257918EE723E8F6524FB3CA59F83627EE5D24B1A33ED029AC5D1011E99023C
Reporter: @abuse_ch
Tags: ace, GuLoader


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: hosting-a01.descom.es
Sending IP: 54.194.66.61
From: Cristina Garfagnoli <cgarfagnoli@duran.com.ar>
Subject: verifique las facturas
Attachment: facturas.PDF.ace (contains "facturas.PDF.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1KPWTH-gVU9tAW-5ixHEH5k9GQKEgef9J

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 23
Origin country: FR
ClamAV: No detection
VirusTotal results: 32.26%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

ace 988a37fbce9f6bbe0c3fd0de3e54f91e43b4d08f348e8be415c5ffbe962d94d4 (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments