MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ca9d9bba55a17ac5f0a879efb36f842d2068f0c9844fb8e1285156cfb720d740. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: ca9d9bba55a17ac5f0a879efb36f842d2068f0c9844fb8e1285156cfb720d740
SHA1 hash: a57859e60363b4ffc3f1cc78f2e0e0bc734cd13d
MD5 hash: 3660289fd74bd36e8acb51ab5b3b94f9
File name: INVOICE.exe
Signature: GuLoader
File size: 94'208 bytes
First seen: 2020-05-22 10:19:10 UTC
Last seen: 2020-05-22 10:52:02 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: e962f8212a952da5e058314d60017983
ssdeep: 768:a50uqMtLGyQIoHfRPlFLytesVmDn/1uEmho8V5lBEEjhcXSTDY3vp:A0PMgI8JLLytRVo83hvEUcR
TLSH: 6893F726BA80DC73C5300FF15A728288507BACB1DB214F4BB9DA3B1DA53614D6B7539B
Reporter: @abuse_ch
Tags: exe GuLoader


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: seed.net.tw
Sending IP: 139.175.54.24
From: Mauricio Mier <mamier@eldorado.com.uy>
Subject: SIGNED INVOICE
Attachment: INVOICE.r00 (contains "INVOICE.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1czd409N3punnxOPYasYBPh1On5hUEnTu

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 2
# of downloads: 26
Origin country: FR
ClamAV: PUA.Win.Packer.ProtectSharewar-2, PUA.Win.Packer.ProtectSharewar-3
VirusTotal: Virustotal results 16.90%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe ca9d9bba55a17ac5f0a879efb36f842d2068f0c9844fb8e1285156cfb720d740 (this sample)

Delivery method: Distributed via e-mail attachment
