MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fc6e4e6dae2a913cbaf3d495ab6508f01660f1cd6a1b20a84105776c8f65a090. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence 3 File information Yara Comments

SHA256 hash: fc6e4e6dae2a913cbaf3d495ab6508f01660f1cd6a1b20a84105776c8f65a090
SHA3-384 hash: 3d7d67f7be91eb178b0a734c1479fed3e869b343469b67c74951e843824f95bab5e016794e46e2b6960680fe546ab294
SHA1 hash: 213c4bfbfc471c774bff3aa73f1d5f990edad31a
MD5 hash: a9c2cb85163a1bb3d7129d678efcf989
humanhash: neptune-emma-princess-maryland
File name:facturas.PDF.exe
Download: download sample
Signature GuLoader
File size:90'112 bytes
First seen:2020-05-22 09:56:11 UTC
Last seen:2020-05-22 10:51:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0e92406c3971179f76b29d7e2087702c
ssdeep 768:pEp4abrBBlJT8x8XF3XmBL8OQqyyUWdqzfnSlGjlQ/ESfuPoyJuPjpUswPv5ajqs:a15TGmCyy8XQuPohLpUzHTizlIIV
TLSH 35935B18F948DCA9E8084DB1C9E446AA14BFFC327DA44B1F38C97E7C39739812D66346
Reporter @abuse_ch
Tags:exe GuLoader


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: hosting-a01.descom.es
Sending IP: 54.194.66.61
From: Cristina Garfagnoli <cgarfagnoli@duran.com.ar>
Subject: verifique las facturas
Attachment: facturas.PDF.ace (contains "facturas.PDF.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1KPWTH-gVU9tAW-5ixHEH5k9GQKEgef9J

Intelligence


File Origin
# of uploads :
2
# of downloads :
35
Origin country :
FR FR
Mail intelligence
Geo location:
Global
Volume:
Low
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Status:
Malicious
First seen:
2020-05-22 10:37:26 UTC
AV detection:
26 of 31 (83.87%)
Threat level
  5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe fc6e4e6dae2a913cbaf3d495ab6508f01660f1cd6a1b20a84105776c8f65a090

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments