MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0ba0cd39397ce42a5a678b0ef803f99267dc16de6383f61107e298633e23e436. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: DBatLoader
Vendor detections: 12

SHA256 hash: 0ba0cd39397ce42a5a678b0ef803f99267dc16de6383f61107e298633e23e436
SHA3-384 hash: 145298bebb96d70ec66200b0d0cc2bfa4869806fd11129223406b9e19a174873e049944fbb7f9ef46c6512ec1edfa096
SHA1 hash: f3618daef362aff3ec66e50209839898937fcde4
MD5 hash: 7301eac7292e0a6c62696f90f8e55093
humanhash: steak-cola-lactose-speaker
File name: 7301eac7292e0a6c62696f90f8e55093
Signature: DBatLoader
File size: 937'472 bytes
First seen: 2022-01-25 10:30:05 UTC
Last seen: 2022-01-25 14:02:09 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 518c8881434b4a4799e1be06dcc95f2c (1 x Formbook, 1 x DBatLoader)
ssdeep: 24576:y0ifLhN+8KXXPLrmSGS/Jj+Usd5DCQ3KKT7vdGe:y0F/XqDCeKg
Threatray: 795 similar samples on MalwareBazaar
TLSH: T1DF159D22B2D04833D47366785D4F67F9582BBE002E58B98A2AF92D4C5F393407876F97
dhash icon: b2b0f1ecccce9e98 (2 x Formbook, 1 x DBatLoader, 1 x AveMariaRAT)
Reporter: zbetcheckin
Tags: 32 DBatLoader exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 149
Origin country: n/a
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: FBL12TG272GAHS735300.xlsx
Verdict: Malicious activity
Analysis date: 2022-01-25 10:07:09 UTC
Tags: encrypted opendir exploit CVE-2017-11882 loader
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Malware
Behaviour: Creating synchronization primitives, Creating a window, DNS request, Sending a custom TCP request

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour: CheckScreenResolution, CheckCmdLine

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: control.exe keylogger packed remote.exe replace.exe

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 56 / 100
Signature: Icon mismatch, binary includes an icon from a different legit application in order to fool users; Multi AV Scanner detection for submitted file
Threat name: Win32.Trojan.SpyNoon
Status: Malicious
First seen: 2022-01-25 05:01:38 UTC
File Type: PE (Exe)
Extracted files: 72
AV detection: 28 of 43 (65.12%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Unpacked files
SHA256 hash: 9cebbcef1bd6016dfebf4c69f4c49501d914d5a8607777eba952d7ad40346f9a
MD5 hash: 322f2da5c29542aaecc9ee17e1fe7f00
SHA1 hash: 734c432e2595d53c82ee28604f909d3390018dd8
Detections: win_dbatloader_w0
Parent samples:
SHA256 hash: 0ba0cd39397ce42a5a678b0ef803f99267dc16de6383f61107e298633e23e436
MD5 hash: 7301eac7292e0a6c62696f90f8e55093
SHA1 hash: f3618daef362aff3ec66e50209839898937fcde4
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: DBatLoader
File type: Executable exe
SHA256 hash: 0ba0cd39397ce42a5a678b0ef803f99267dc16de6383f61107e298633e23e436 (this sample)

Delivery method: Distributed via web download
