MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6f6351e0d8ebf90dc864996ebce30e60e8887f8c7f477fc3bec23806a1def95c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BazaLoader


Vendor detections: 4


Intelligence 4 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6f6351e0d8ebf90dc864996ebce30e60e8887f8c7f477fc3bec23806a1def95c
SHA3-384 hash: 0c8789eb6eb9d85da4859b953f8e9b06193bbceb7359fb38bb10451e9ecf5827eb3e7f553f7cfd0e127308d3cec33577
SHA1 hash: 2570837764a12a7794752ea4d190ed5cda86cd2c
MD5 hash: e815879a3788d999e7e2d5f6794edba6
humanhash: lion-jig-blossom-neptune
File name:ATO-06-19-2020-1101470781855-NeimanmarcusReport.exe
Download: download sample
Signature BazaLoader
Create hunting rule
File size:338'000 bytes
First seen:2020-06-22 10:13:43 UTC
Last seen:2020-06-22 10:39:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 137a7b9e00779562b5d93391a5dc2574 (1 x BazaLoader)
ssdeep 6144:HKxm0cHE4/STp/3kRcmZBDxu6ydZufbJgfiRbhS5gIw4zURuo8dBseKKg:qxmnkxTR0RjTo3eKkrQnM
Threatray 417 similar samples on MalwareBazaar
TLSH 92749D7E725404FDDC978439C9918646F671740E43381B8B17988F7ABE332A2E93A71E
Reporter JAMESWT_WT
Tags:Logika OOO TrickBot

Code Signing Certificate

Organisation:GlobalSign
Issuer:GlobalSign
Algorithm:sha256WithRSAEncryption
Valid from:Mar 18 10:00:00 2009 GMT
Valid to:Mar 18 10:00:00 2029 GMT
Serial number: 04000000000121585308A2
Intelligence: 16 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: CBB522D7B7F127AD6A0113865BDF1CD4102E7D0759AF635A7CF4720DC963C53B
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/12548/
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6f6351e0d8ebf90dc864996ebce30e60e8887f8c7f477fc3bec23806a1def95c/
Threat name:
Win64.Trojan.Mansabo
Create hunting rule
Status:
Malicious
First seen:
2020-06-19 21:31:34 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
04ad133967d2076e4ce4cbd04c058ba7e8e3725fb72102e2b1b5de433f44de33
BazaLoader
467c33cb979804dad154612a808f2ea234f7501f8d36bf610ed457cc48993c49
BazaLoader
54c3e01a3dee75c7137c63a25915b7bec1876a8fc65047eff99b97d9ca6cd5c6
BazaLoader
6b24ebfb84665cb844410ec9f948cfcf7f6d08f4ede16d52930c53236390848f
BazaLoader
7f757770f2049c23624a483feb6e9331693ded0dafb9c636f96fe6b9307a704c
BazaLoader
b4b7f0fd63cda1269ee937fa398fb80b6655d205066e6593fefceda7e3b09f6b
BazaLoader
d04bdbff24b1bed41536664bb9696387fc6e88756efa76ecf345937e7cfa014d
BazaLoader
e77e27630277a31276539c379671f54095d6b735f0568a3c457ac6a189c4c5b4
BazaLoader
e92d50b6632c11ff8cc4e0d478a1f647c060a97bd9206fb3ae6089104f2e495d
BazaLoader
f6cddc2f46ec3e8dc95b6fe42c6f30745bf0e7d3e9788c35a96199c82fc04f66
BazaLoader
+ 407 additional samples on MalwareBazaar
Result
Malware family:
bazarbackdoor
Create hunting rule
Score:
  10/10
Tags:
backdoor family:bazarbackdoor
Link:
https://tria.ge/reports/200624-2yyc7123hs/
Behaviour
BazarBackdoor
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Cobalt_functions
Create hunting rule
Author:@j0sm1
Description:Detect functions coded with ROR edi,D; Detect CobaltStrike used by differents groups APT

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/12548/

Comments