MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0b933b13e2d0f0f815c5a2b58c86ee0f9c6d9055b1438089bfc6d3a93dc9de0b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 2



SHA256 hash: 0b933b13e2d0f0f815c5a2b58c86ee0f9c6d9055b1438089bfc6d3a93dc9de0b
SHA3-384 hash: 8f5717fcd631762defb197967f8fbf0a5d17606d21f078b935152f1c46289889414d0e946694c6109251bd794cb90a01
SHA1 hash: 08e4a6b932c8fe6706896a587aa2b9e987c84a7f
MD5 hash: 75d15aeab57a546e5d604280bc6833c9
humanhash: mike-connecticut-south-carpet
File name: ORDER NO 72128 BUYER Kin.zip
Signature: GuLoader
File size: 29'600 bytes
First seen: 2020-05-25 08:13:32 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 384:5n85iB7WS2Hq12HtTVb4X5hM2El7826+jyINrvkOHybrvCZ0EaYYzhxjW7Y/4ryw:5UiB7WFtxIhM2El3bjrUzhR//lN0
TLSH: 45D2F2A7603C691449F523D290748569727C55F364B7998F0CCC8B9D84E32BA962FDC4
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing unidentified malware:

HELO: pilship.com
Sending IP: 37.49.230.207
From: Kin <sales@pilship.com>
Reply-To: onemilliondo@gmail.com
Subject: ORDER NO: 72128 BUYER: Kin
Attachment: ORDER NO 72128 BUYER Kin.zip (contains "Enactedbre.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-25 10:37:51 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 10 of 47 (21.28%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
zip 0b933b13e2d0f0f815c5a2b58c86ee0f9c6d9055b1438089bfc6d3a93dc9de0b (this sample)

Delivery method: Distributed via e-mail attachment

Comments