MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cf535eb0782fd0ee4c246fcca439c85b79f5854e80ae1128d6314b7d76fef110. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BazaLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cf535eb0782fd0ee4c246fcca439c85b79f5854e80ae1128d6314b7d76fef110
SHA3-384 hash: 7c675f813ef029f0c15e9b1691c0915cc5c020779d8f964ee0febcedbb86d7169f7d4fd1578fd21a9c86fcd9a5716006
SHA1 hash: d1e1329f0b68a75bf47a9b5957f7aa1dff8c11b9
MD5 hash: a5120458f05320d306041e37ce72c0c9
humanhash: bulldog-sierra-friend-red
File name:Report13-10.exe
Download: download sample
Signature BazaLoader
Create hunting rule
File size:619'728 bytes
First seen:2020-10-13 19:51:15 UTC
Last seen:2020-10-14 05:49:06 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 7ddd2b39acef678bb89d39a004fc4b0d (1 x BazaLoader)
ssdeep 3072:LnjHppnfesWR1lGs4PJkGDcH76WzVAoCzE6lbSMiulSu9KEcYG7Vx3ZzExDNygQJ:Lzk/Gs4PJ1W6bEcbtYact7Vx3NExq
Threatray 169 similar samples on MalwareBazaar
TLSH B2D45EC3F449344CF8DF437BB8EA4E29B1D26D920943290261763FA5BF3259157C8AAD
Reporter ffforward
Tags:BazaLoader SNAB-RESURS OOO

Code Signing Certificate

Organisation:DigiCert High Assurance EV Root CA
Issuer:DigiCert High Assurance EV Root CA
Algorithm:sha1WithRSAEncryption
Valid from:Nov 10 00:00:00 2006 GMT
Valid to:Nov 10 00:00:00 2031 GMT
Serial number: 02AC5C266A0B409B8F0B79F2AE462577
Intelligence: 204 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 7431E5F4C3C1CE4690774F0B61E05440883BA9A01ED00BA6ABD7806ED3B118CF
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
142
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/70601/
Detection(s):
SecuriteInfo.com.Generic.mg.a5120458f05320d3.27669.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Transferring files using the Background Intelligent Transfer Service (BITS)
DNS request
Sending a custom TCP request
Sending a UDP request
Launching cmd.exe command interpreter
Using the Windows Management Instrumentation requests
Launching the process to interact with network services
Launching a process
Unauthorized injection to a system process
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/490283
Signature
Multi AV Scanner detection for submitted file
Yara detected Keylogger Generic
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 297587 Sample: Report13-10.exe Startdate: 13/10/2020 Architecture: WINDOWS Score: 52 20 Multi AV Scanner detection for submitted file 2->20 22 Yara detected Keylogger Generic 2->22 6 Report13-10.exe 18 2->6         started        9 Report13-10.exe 4 2->9         started        process3 dnsIp4 18 breezdesign.com 34.221.202.231, 443, 49741, 49743 AMAZON-02US United States 6->18 11 WerFault.exe 20 9 6->11         started        14 cmd.exe 6->14         started        process5 file6 16 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 11->16 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cf535eb0782fd0ee4c246fcca439c85b79f5854e80ae1128d6314b7d76fef110/
Threat name:
Win64.Trojan.Bazaloader
Create hunting rule
Status:
Malicious
First seen:
2020-10-13 19:53:05 UTC
File Type:
PE+ (Exe)
Extracted files:
10
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=z5jv5mdyf7io4tben7gkiooiln47lbkoqcxbckgwgffx25x66eia._file
Verdict:
malicious
Similar samples:
1582d076196f0650d039eafc189042cdd33d512ac09ce5cf08e733ab950a5aee
BazaLoader
38e2a81ba89534d8affdbf5c0af01eee821afba968d02ca2cd855a6209c86caa
BazaLoader
707359e057db0e6ccf9d99f655eef38126e23e81a5a281b520591359a2ff875a
BazaLoader
75897aec122b3003c82487031570723bf6ba8dbb20dad42812af93de542b55e2
BazaLoader
7dd760acef6e4e8852e91cec3c0b1ea1e4a8dc5f7ae43737f0d05714c0f9e1ba
BazaLoader
8348ff13205b4318e1831d72ef9a112bebbf45d32359c67f2f24bc6c56433a89
BazaLoader
8fda255ad8f56d6490625e25f2859ef862e56f259720e169e4461de4ddd4c0b3
BazaLoader
aa1be103378c35cac611142349b9d6d81eced0713cd7cba343fa93648494102e
BazaLoader
ba88c5da9e0da61bb89e40c58e85d2f5c049613dae5d5b7cc847558ca8e84aac
BazaLoader
e527dc82a2d660e859061438626809fb3732320796a7c6bbd96ad902a032a908
BazaLoader
+ 159 additional samples on MalwareBazaar
Result
Malware family:
bazarbackdoor
Create hunting rule
Score:
  10/10
Tags:
backdoor family:bazarbackdoor
Link:
https://tria.ge/reports/201013-r83yzn8zae/
Behaviour
Modifies system certificate store
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Blacklisted process makes network request
BazarBackdoor
Unpacked files
SH256 hash:
cf535eb0782fd0ee4c246fcca439c85b79f5854e80ae1128d6314b7d76fef110
MD5 hash:
a5120458f05320d306041e37ce72c0c9
SHA1 hash:
d1e1329f0b68a75bf47a9b5957f7aa1dff8c11b9
Link:
https://www.unpac.me/results/babae203-c7f9-4294-87d3-33851efbcae7/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.91
Link:
https://yomi.yoroi.company/submissions/cf535eb0782fd0ee4c246fcca439c85b79f5854e80ae1128d6314b7d76fef110

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://twitter.com/ffforward/status/1316098103288750081
  
Delivery method
Distributed via e-mail link
Cape
Cape
https://www.capesandbox.com/analysis/70601/

Comments