MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 30785da049b13f1cd228be54f6ce25d801f3fc4890dada9464830e078df7cf94. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 3


SHA256 hash: 30785da049b13f1cd228be54f6ce25d801f3fc4890dada9464830e078df7cf94
SHA3-384 hash: 5055b1c0235676d41ff6bf84638e07ac1bd01cc2260cf0b5f5a127948c536d0f361dc268b594c380d42e3fea07db025b
SHA1 hash: 3b3e05659ac22f3922b15435cf1b83a82ae4e41b
MD5 hash: 06a83ea5044358ae862a6ecc09043362
humanhash: jupiter-stream-fanta-south
File name: gm.exe
File size: 4'969'584 bytes
First seen: 2020-08-18 19:17:53 UTC
Last seen: 2020-08-18 20:12:12 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: c01de1cbed33c8548c69a6e1ec683adc
ssdeep: 98304:HZtjnZ6rQRQulhKKMp8vm3qvOqfPCcReouRtpoRm:HjbZKcQul5/vm3q4cRY1oRm
TLSH: CD3633C1FEC6FE21E2541C3801B3865C0855BE39FF49AA2E757DF3AD58B0A30B694949
Reporter: abuse_ch
Tags: exe


abuse_ch
Malspam distributing unidentified malware:

HELO: lhpmotor.com
Sending IP: 185.222.58.149
From: uttam.sutar <uttam.sutar@lhpmotor.com>
Subject: RE: PURCHASE ORDER
Attachment: gm.zip (contains "gm.exe")

Intelligence

File Origin
# of uploads: 2
# of downloads: 62
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour:
Creating a file in the %AppData% subdirectories
Delayed writing of the file
Creating a window
Sending a UDP request

Verdict: unknown

Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour:
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: EnigmaStub
Author: @bartblaze
Description: Identifies Enigma packer stub.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe 30785da049b13f1cd228be54f6ce25d801f3fc4890dada9464830e078df7cf94 (this sample)

Delivery method: Distributed via e-mail attachment
