MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c425dddb88f963f7a1e8adf61342b62f8988aed43be64f7f95635611cfe763c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BazaLoader

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	0c425dddb88f963f7a1e8adf61342b62f8988aed43be64f7f95635611cfe763c
SHA3-384 hash:	2ed5a4a1c78b83dfd7da6d64de6643013ff152e95ba12b7010cbe53ced1c57d5da58cd075f5357e88a9ea1f136c48eb6
SHA1 hash:	a6fad15bf8dd122c1c08fddb5fee9db0f42c9680
MD5 hash:	f5749077517631121d6d9cb43708bd0e
humanhash:	friend-crazy-jersey-georgia
File name:	0c425dddb88f963f7a1e8adf61342b62f8988aed43be64f7f95635611cfe763c.dll
Download:	download sample
Signature	BazaLoader Create hunting rule
File size:	309'248 bytes
First seen:	2021-12-16 22:33:23 UTC
Last seen:	2021-12-17 00:52:14 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	49b0e9c062a84059576bfb9ab62c53b2 (1 x BazaLoader)
ssdeep	6144:6QPRHSiXCofwayHYNW4BmC4PzbpebhEW3DygjijRIciIw1fgDGaBNsI:6QPRHTXCofwP4NW4BE7VGhEWWgjijRPD
Threatray	38 similar samples on MalwareBazaar
TLSH	T103648D322BE52FA4E187FD77DB09E1F3C2179C222B438156B695230B90B28D6DE25717
Reporter	Anonymous
Tags:	BazaLoader exe

Intelligence

File Origin

# of uploads :

2

# of downloads :

172

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

f5749077517631121d6d9cb43708bd0e.exe.vir

Verdict:

No threats detected

Analysis date:

2021-12-17 01:57:44 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/87ab290c-f489-41bd-8dc4-f2d63a3da041

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

BazarLoader

Link:

https://www.capesandbox.com/analysis/214686/

Detection(s):

SecuriteInfo.com.W64.Kryptik.FXF.genEldorado.26092.32028.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Сreating synchronization primitives

DNS request

Transferring files using the Background Intelligent Transfer Service (BITS)

Launching a process

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/2318/overview

Behaviour

MalwareBazaar

Verdict:

Suspicious

Threat level:

5/10

Confidence:

67%

Tags:

packed

Link:

https://www.filescan.io/uploads/61bbbedfcb311996709df40e/reports/b439f47b-e7b7-4364-85f4-13ff81c438bb/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/f6997e23-f0d7-488c-b164-566a45f0b5fe

Result

Threat name:

BazaLoader

Detection:

malicious

Classification:

troj.evad

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/908819

Signature

Sigma detected: Suspicious Call by Ordinal

System process connects to network (likely due to code injection or exploit)

Yara detected BazaLoader

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0c425dddb88f963f7a1e8adf61342b62f8988aed43be64f7f95635611cfe763c/

Threat name:

Win64.Trojan.BazarLoader

Status:

Malicious

First seen:

2021-12-16 22:34:10 UTC

File Type:

PE+ (Dll)

AV detection:

22 of 28 (78.57%)

Threat level:

5/5

Verdict:

unknown

Similar samples:

078968cfc9af97a102a362ad87cb30e8d3d33d28d0dd7c97fc31e85ff3950611

1f136522cc2cdea93e2086aa67ab07102bcef7e31b201489b43707986824b3f8

45b490e6d8cd1c139ba5797aab43a62a9e5b54ccce29a092c5a356fb8b441565

65cef336fae2eac93b5966f02d48e118ee8e2e084392135e96f02e7713e99611

8f69a3a077e12b5e4ab5a446606f0fc226b827dcafb4f8e1768253b252dca895

cbd830c745bbec26733214798fe144c61ef4bac342c853f8a08b682077b2178b

ed0c061e3de7a017b87fab71f5b1d9e9fe8b8ac416e7d9840fd59d198b4869cb

f18abbc411eb048037a5786fb0615dd48f4954d5ac484e3e25d7515cfe221a45

fb46649e51c1b2fc47d3bc0a129563c7bcb6f7e5353d46e0a0bd2f1205d675b9

+ 28 additional samples on MalwareBazaar

Result

Malware family:

bazarloader

Score:

10/10

Tags:

family:bazarloader dropper loader

Link:

https://tria.ge/reports/211216-2g4agschh9/

Behaviour

Bazar/Team9 Loader payload

Bazar Loader

Unpacked files

SH256 hash:

0c425dddb88f963f7a1e8adf61342b62f8988aed43be64f7f95635611cfe763c

MD5 hash:

f5749077517631121d6d9cb43708bd0e

SHA1 hash:

a6fad15bf8dd122c1c08fddb5fee9db0f42c9680

Link:

https://www.unpac.me/results/96a0dfe4-c9e9-4343-9c13-e7edabe2de4e/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/0c425dddb88f963f7a1e8adf61342b62f8988aed43be64f7f95635611cfe763c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 0c425dddb88f963f7a1e8adf61342b62f8988aed43be64f7f95635611cfe763c

(this sample)

Cape

Cape

https://www.capesandbox.com/analysis/214686/

URLhaus

https://urlhaus.abuse.ch/url/1892554/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample