MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f6cddc2f46ec3e8dc95b6fe42c6f30745bf0e7d3e9788c35a96199c82fc04f66. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



BazaLoader


Vendor detections: 5



SHA256 hash: f6cddc2f46ec3e8dc95b6fe42c6f30745bf0e7d3e9788c35a96199c82fc04f66
SHA3-384 hash: 2279e46355bd359541540c9ab38a73e00f1b13be4625a167230f43a952546f8da34e6f1fe8c5afc0fd718ebbc601bac3
SHA1 hash: d243c7f7bf043cf8b390b2d9a04f01e70180181a
MD5 hash: b7df645439488d92beb2dd05f6960d5f
humanhash: speaker-california-quiet-hotel
File name: f6cddc2f46ec3e8dc95b6fe42c6f30745bf0e7d3e9788c35a96199c82fc04f66.bin
Signature: BazaLoader
File size: 318'128 bytes
First seen: 2020-06-23 07:56:48 UTC
Last seen: 2020-06-23 08:43:47 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 75eaadbcdbe8abf734664fe58f8ee85a (1 x BazaLoader)
ssdeep: 6144:WnUyROMpj9knjpDTgu4RDHcqZmeN9CGSiVMryu1Y5IDfsykgo:SRRhF9kndPKcom7GSuMrdkt
Threatray: 840 similar samples on MalwareBazaar
TLSH: F664AF3E639548FCDCA7A634C9E19505E732781D4334974E47E00A6BEF372A1AD26B32
Reporter: kk_onstantin
Tags: BazaLoader

Code Signing Certificate

Organisation: DigiCert High Assurance EV Root CA
Issuer: DigiCert High Assurance EV Root CA
Algorithm: sha1WithRSAEncryption
Valid from: Nov 10 00:00:00 2006 GMT
Valid to: Nov 10 00:00:00 2031 GMT
Serial number: 02AC5C266A0B409B8F0B79F2AE462577
Intelligence: 204 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm: SHA256
Thumbprint: 7431E5F4C3C1CE4690774F0B61E05440883BA9A01ED00BA6ABD7806ED3B118CF
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 2
# of downloads: 83
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win64.Trojan.TrickBot
Status: Malicious
First seen: 2020-06-16 07:26:39 UTC
File Type: PE+ (Exe)
Extracted files: 1
AV detection: 23 of 29 (79.31%)
Threat level: 5/5

Result
Malware family: bazarbackdoor
Score: 10/10
Tags: backdoor family:bazarbackdoor
Behaviour
BazarBackdoor
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Cobalt_functions
Author: @j0sm1
Description: Detect functions coded with ROR edi,D; Detect CobaltStrike used by differents groups APT

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Distributed via e-mail link
