MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 998aee9b4b4ab37178dd79a10c7760697f06bf93272578fd9bf4a3b42123fd31. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	998aee9b4b4ab37178dd79a10c7760697f06bf93272578fd9bf4a3b42123fd31
SHA3-384 hash:	8ab216bb76b31c863965013fd2bca38235e3be0728c51da00a58ad2d3d4a96d12d21a83aaaaf72d29b8ce4da95175802
SHA1 hash:	eda7c1cdfdc2dd8403c4145d8b3c3fc938128049
MD5 hash:	5c2cb0c75e22d6956c5507d471176fb8
humanhash:	orange-avocado-spring-queen
File name:	TNT EXPRESS CONSIGNMENT.ace
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	23'100 bytes
First seen:	2020-05-22 06:46:23 UTC
Last seen:	Never
File type:	ace
MIME type:	application/octet-stream
ssdeep	384:eB5zMwVWIgrdXDg58Q45OD7bNutyh/pKCS0eUdPfpD2jiWoHLHlFlWsivLAOIuf9:6MwVWIAFD0467brh/pJeQXB2jiW+LHZk
TLSH	84A2E1B38909A4FA388F55783217FF5F946D12C4D275BCFBC9DED6BA7950806A010E20
Reporter	cocaman
Tags:	ace

cocaman

Malicious email
From: TNT EXPRESS CONSIGNMENT <diamond@tnt.com>
Received: from mail4.hosting.ua (mail4.hosting.ua [194.54.88.154])
Date: Thu, 21 May 2020 21:15:35 -0700
Subject: TNT Express delivery Consignment Notification
Attachment: TNT EXPRESS CONSIGNMENT.ace

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.25165.AceHeur.Scr.UNOFFICIAL

SecuriteInfo.com.Suspicious-ACE-scr.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2020-05-22 07:36:45 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

8 of 48 (16.67%)

Threat level:

5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

ace 998aee9b4b4ab37178dd79a10c7760697f06bf93272578fd9bf4a3b42123fd31

(this sample)

GuLoader

exe 343ff3ffa22f7bd8a4942c2d5ef3e9992bd47a383641f69eb1675bc8872db420

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 343ff3ffa22f7bd8a4942c2d5ef3e9992bd47a383641f69eb1675bc8872db420

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample