MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 af3010a2be78e62e61e477c80455545a6881c7c90b0f18895103a707eacdf017. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: af3010a2be78e62e61e477c80455545a6881c7c90b0f18895103a707eacdf017
SHA3-384 hash: 9662d3f61d004422811714a2f917a37fd3777b5ee06ab4cddd2024890f969dc6779be6ebbd00e9d59258c6e17c029071
SHA1 hash: 9ea0c64872121617540af51b851d2dcae7175d55
MD5 hash: 6ebdbe6b3c3f368c9b55ae9c5e2dcb96
humanhash: cat-ink-king-delta
File name:Enactedbre.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:106'496 bytes
First seen:2020-05-25 08:13:34 UTC
Last seen:2020-05-25 08:52:08 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2111d3d091fcb0fc97909dfdb82a6a60 (1 x GuLoader)
ssdeep 768:Km0P7k46CJ9DTPOm4U5Ow3bhpcfX174euHuy0mCSCSwGxY9H5pB0jFBmq:Gx6g9PO0dh4XZIHuGCSwGxY9HDmF/
Threatray 136 similar samples on MalwareBazaar
TLSH 0CA30A26B6CCDCE1EC225EB12ED09EB84D277C205D585F47314EBF4E96376C02BA5226
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: pilship.com
Sending IP: 37.49.230.207
From: Kin <sales@pilship.com>
Reply-To: onemilliondo@gmail.com
Subject: ORDER NO: 72128 BUYER: Kin
Attachment: ORDER NO 72128 BUYER Kin.zip (contains "Enactedbre.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Loki
Create hunting rule
Link:
https://www.capesandbox.com/analysis/5542/
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.49512.15407.17544.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 10:31:59 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
04d875e96b175c1b48bc73d256c4b5f473c189c4cde85be92cecab2e74e7dd2f
GuLoader
330d748935d0789d8eb231a6781b9ecec36a4bc72829bef65fadd6667573753a
GuLoader
36b5a8e87838e415fdd4a70b2b6cd405ab8db7771ed08efc2c80ba016818dea7
GuLoader
4d02a7969e34cdedb37997496c951b9e37f40eb8228deef6e436a3781ce00966
GuLoader
5cd27e2b49870da39e71fdb5c7b858b1548f351aa16e14df939103c75aa8aefd
GuLoader
600a4d7f91540e7a6e9dd1162872404f1c04a171791f24e6a95f5a6545f6d5d3
GuLoader
7b6ca7e419c638612b8de732601bd337c12738022aaf76c274823b5c641e541f
GuLoader
a7298d680e5a8a36225a1d1fe1b3a250291f31855a02e871e5b02fd5bb76d6be
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
ff670f0f84aef661b70217d00c15c0f0208c8ad2af072988c09941970b3b4081
GuLoader
+ 126 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-lmxz45ywd2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 0b933b13e2d0f0f815c5a2b58c86ee0f9c6d9055b1438089bfc6d3a93dc9de0b

GuLoader

Executable exe af3010a2be78e62e61e477c80455545a6881c7c90b0f18895103a707eacdf017

(this sample)

  
Dropped by
MD5 75d15aeab57a546e5d604280bc6833c9
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 0b933b13e2d0f0f815c5a2b58c86ee0f9c6d9055b1438089bfc6d3a93dc9de0b
Cape
Cape
https://www.capesandbox.com/analysis/5542/

Comments