MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 0a87bd3bb60320b21e493341b70519af4e46c2e969038d6d89b536cd37aa11d9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
BazaLoader
Vendor detections: 7
| SHA256 hash: | 0a87bd3bb60320b21e493341b70519af4e46c2e969038d6d89b536cd37aa11d9 |
|---|---|
| SHA3-384 hash: | fef4034a7dca5df5fd877d750942c5333f622965c94409e97953769713d086d11d79f485e9f2e227ee25a0af6944ceaf |
| SHA1 hash: | 09c6ae06e0c10672d91f6850118f41dc3dd66e72 |
| MD5 hash: | b80f4b91c29963df1cfd0d0a8a30e5c6 |
| humanhash: | connecticut-carolina-oven-montana |
| File name: | vegas.dll |
| Download: | download sample |
| Signature | BazaLoader |
| File size: | 525'312 bytes |
| First seen: | 2021-05-06 15:19:23 UTC |
| Last seen: | 2021-05-06 16:02:11 UTC |
| File type: |  dll |
| MIME type: | application/x-dosexec |
| imphash | e8d4da784bae943bf5ac23216925ec04 (1 x BazaLoader) |
| ssdeep | 12288:ga6g2O+gAaY9cc40TeAjaRoA5FZuY+F4:gZlOBAaY9RCy05FZuYq |
| Threatray | 19 similar samples on MalwareBazaar |
| TLSH | 95B48C603143C127E2326E36CD0BE5FC15C17D29EE2A190B75D63F6FBB362518A3A265 |
| Reporter | Anonymous |
| Tags: | BazaLoader |
Intelligence
File Origin
# of uploads :
3
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Result
Verdict:
Clean
Maliciousness:
Behaviour
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Bazar Loader
Detection:
malicious
Classification:
spyw.evad
Score:
72 / 100
Signature
Detected Bazar Loader
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Generic
Status:
Suspicious
First seen:
2021-05-03 20:17:54 UTC
AV detection:
5 of 29 (17.24%)
Threat level:
5/5
Verdict:
malicious
Similar samples:
+ 9 additional samples on MalwareBazaar
Result
Malware family:
bazarbackdoor
Score:
10/10
Tags:
family:bazarbackdoor backdoor
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Blocklisted process makes network request
BazarBackdoor
Unpacked files
SH256 hash:
0a87bd3bb60320b21e493341b70519af4e46c2e969038d6d89b536cd37aa11d9
MD5 hash:
b80f4b91c29963df1cfd0d0a8a30e5c6
SHA1 hash:
09c6ae06e0c10672d91f6850118f41dc3dd66e72
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [C0051] File System Micro-objective::Read File
1) [C0052] File System Micro-objective::Writes File
2) [C0007] Memory Micro-objective::Allocate Memory
3) [C0034.001] Operating System Micro-objective::Set Variable::Environment Variable
4) [C0040] Process Micro-objective::Allocate Thread Local Storage
5) [C0043] Process Micro-objective::Check Mutex
6) [C0041] Process Micro-objective::Set Thread Local Storage Value
7) [C0018] Process Micro-objective::Terminate Process