MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0749bf91a4fb4a8d74096ea4d202e07f3dc72feb693008b1d0b1ee68c3f80281. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BazaLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0749bf91a4fb4a8d74096ea4d202e07f3dc72feb693008b1d0b1ee68c3f80281
SHA3-384 hash: 58dbb2de3f830498a797ffc69d393519ed406186b28d57bfdeb3842f0dd3d7db0eda4b5e3345bc7ace2a8f331a60752e
SHA1 hash: 5b47d77058da6c2c7eb724232f123698ab4de4a2
MD5 hash: db396d87a2fa4452f3f350e7d96e28aa
humanhash: wisconsin-wisconsin-thirteen-hotel
File name:Report13-10.exe
Download: download sample
Signature BazaLoader
Create hunting rule
File size:5'288'656 bytes
First seen:2020-10-13 20:48:17 UTC
Last seen:2020-10-14 05:49:46 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b5967c37d2dce44a236b51bfac6b227a (5 x BazaLoader)
ssdeep 49152:YR3LoqvaY8M6q9Bqnhs7Lgsx2NQ3hfZrK3:OVaVa9Bqe7eANU
Threatray 122 similar samples on MalwareBazaar
TLSH 903619CAB3E1ADCFD09A97335EE687301751F81006174B8B63989F2CBA5AB448F45F25
Reporter ffforward
Tags:BazaLoader SNAB-RESURS OOO

Code Signing Certificate

Organisation:DigiCert High Assurance EV Root CA
Issuer:DigiCert High Assurance EV Root CA
Algorithm:sha1WithRSAEncryption
Valid from:Nov 10 00:00:00 2006 GMT
Valid to:Nov 10 00:00:00 2031 GMT
Serial number: 02AC5C266A0B409B8F0B79F2AE462577
Intelligence: 204 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 7431E5F4C3C1CE4690774F0B61E05440883BA9A01ED00BA6ABD7806ED3B118CF
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform


Avatar
ffforward
Subject: "Re: my call"

Intelligence

File Origin
# of uploads :
2
# of downloads :
147
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/70630/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Transferring files using the Background Intelligent Transfer Service (BITS)
Sending a UDP request
DNS request
Sending a custom TCP request
Launching cmd.exe command interpreter
Unauthorized injection to a system process
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
spyw
Score:
28 / 100
Link:
https://www.joesandbox.com/analysis/490413
Signature
a
c
d
e
g
i
K
l
n
o
r
t
Y
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 297632 Sample: Report13-10.exe Startdate: 13/10/2020 Architecture: WINDOWS Score: 28 17 Yara detected Keylogger Generic 2->17 6 Report13-10.exe 18 2->6         started        9 Report13-10.exe 4 2->9         started        process3 dnsIp4 15 breezdesign.com 34.221.202.231, 443, 49724, 49726 AMAZON-02US United States 6->15 11 WerFault.exe 20 9 6->11         started        13 cmd.exe 6->13         started        process5
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0749bf91a4fb4a8d74096ea4d202e07f3dc72feb693008b1d0b1ee68c3f80281/
Threat name:
Win64.Trojan.BazaLoader
Create hunting rule
Status:
Malicious
First seen:
2020-10-13 20:50:12 UTC
File Type:
PE+ (Exe)
Extracted files:
10
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=a5e37ene7nfi25ajn2sneaxap464ol7lneyarmoqwhxgrq7yakaq._file
Verdict:
malicious
Similar samples:
0654bd997b078513c0607683315b9499ec1edc970af5e75d71948ea605781867
BazaLoader
1055df2f38b4f540a99c23ecab450a4dc032c71579f41dd8314e892b3db21cfe
BazaLoader
43db644f33e96b7c734f682635fa7a0e5437a65871efe0f04ede0568e19c7c3f
BazaLoader
45f8ed5faa1a4dcdc384516976190f836ce3e7b9a4ba3ff7dd0116a1ea8e121b
BazaLoader
70d2143ae90b0ba8e2756371659faf4aed219509727ccbe325c6ddcddd1e9e5a
BazaLoader
7bffdca84095758005b4e272cb55bf0c5bdd1057ac98b0b1389af6fe3dbd7549
BazaLoader
7dd760acef6e4e8852e91cec3c0b1ea1e4a8dc5f7ae43737f0d05714c0f9e1ba
BazaLoader
9acf5fad418be78ace0834e8e6b8891d83be69e14fe8b99a07b7d63e3595a520
BazaLoader
aa1be103378c35cac611142349b9d6d81eced0713cd7cba343fa93648494102e
BazaLoader
cf535eb0782fd0ee4c246fcca439c85b79f5854e80ae1128d6314b7d76fef110
BazaLoader
+ 112 additional samples on MalwareBazaar
Result
Malware family:
bazarbackdoor
Create hunting rule
Score:
  10/10
Tags:
backdoor family:bazarbackdoor
Link:
https://tria.ge/reports/201013-bya3742w36/
Behaviour
Modifies system certificate store
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Blacklisted process makes network request
BazarBackdoor
Unpacked files
SH256 hash:
0749bf91a4fb4a8d74096ea4d202e07f3dc72feb693008b1d0b1ee68c3f80281
MD5 hash:
db396d87a2fa4452f3f350e7d96e28aa
SHA1 hash:
5b47d77058da6c2c7eb724232f123698ab4de4a2
Link:
https://www.unpac.me/results/b35a55bf-1baa-43b9-a5ab-563bc3f174a3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0749bf91a4fb4a8d74096ea4d202e07f3dc72feb693008b1d0b1ee68c3f80281

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Distributed via e-mail link
Cape
Cape
https://www.capesandbox.com/analysis/70630/

Comments