MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 156b6bacda73c72c39b0f074f77bbf9bcfb4d26073d6b6c50db29ac126dacc48. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DBatLoader
Vendor detections: 10

SHA256 hash: 156b6bacda73c72c39b0f074f77bbf9bcfb4d26073d6b6c50db29ac126dacc48
SHA3-384 hash: dbee1394dc08e3c635e39000877da1cc99194f1420690208faa7417f3322369da6156724e71f17936a81a6e3c5b2c5a9
SHA1 hash: e2cc730b05ce1148d4214012e7edfe58df3afaae
MD5 hash: a15172374fcac42432f11ff81cc7ac73
humanhash: xray-orange-carbon-nineteen
File name: SecuriteInfo.com.Win32.BackdoorX-gen.17168.24221
Signature: DBatLoader
File size: 728'576 bytes
First seen: 2022-11-17 10:35:21 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 78cad39d015f66afeeaff488e9640c69 (3 x DBatLoader, 1 x ModiLoader)
ssdeep: 12288:iDjeLlJcFNDJJCTbtCkiCvGMJfGb8/4OQ2kXc4L0Y:iDiT6pyJhGMJfGw/LQ2x43
Threatray: 214 similar samples on MalwareBazaar
TLSH: T19CF47D43E1542CB1F863173A582F9ACA70056FB13D24EC4616FABD4B7A7A3833527987
TrID:
  65.6% (.EXE) Win32 Executable Borland Delphi 7 (664796/42/58)
  25.9% (.EXE) Win32 Executable Borland Delphi 6 (262638/61)
  4.2% (.EXE) InstallShield setup (43053/19/16)
  1.3% (.EXE) Win32 Executable Delphi generic (14182/79/4)
  1.2% (.SCR) Windows screen saver (13097/50/3)
File icon (PE) dhash: 903cec8cb2928e69 (2 x DBatLoader)
Reporter: SecuriteInfoCom
Tags: DBatLoader exe
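The identifiers above are only useful if the bytes you end up analysing are the bytes the entry describes. The following is an added example, not code from MalwareBazaar or from the reporter: it recomputes the four digests that Python's standard library can produce (SHA256, SHA3-384, SHA1, MD5) and the file size, and reports per field which ones agree with the values listed on this page. imphash, ssdeep and TLSH are deliberately not checked because they need third-party libraries (pefile, ssdeep, py-tlsh); the stand-in bytes in the `__main__` block are constructed and will not match, which is the point of the per-field report.

```python
import hashlib

# Values copied from the MalwareBazaar entry above for SHA256 156b6bac...
EXPECTED = {
    "sha256": "156b6bacda73c72c39b0f074f77bbf9bcfb4d26073d6b6c50db29ac126dacc48",
    "sha3_384": "dbee1394dc08e3c635e39000877da1cc99194f1420690208faa7417f3322369da6156724e71f17936a81a6e3c5b2c5a9",
    "sha1": "e2cc730b05ce1148d4214012e7edfe58df3afaae",
    "md5": "a15172374fcac42432f11ff81cc7ac73",
}
EXPECTED_SIZE = 728576  # "728'576 bytes" on the page


def compute_hashes(data: bytes) -> dict:
    """Return the digests hashlib can produce for a sample, as lowercase hex.

    Only these four are covered; imphash, ssdeep and TLSH need non-stdlib
    parsers/algorithms and are out of scope for this example.
    """
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def verify_sample(data: bytes, expected: dict, expected_size=None) -> dict:
    """Compare a sample's digests (and optionally its size) with expected values.

    Returns {field: bool} so the caller can see exactly which identifier
    disagreed. Anything other than all-True means the bytes in hand are not
    the bytes the database entry describes (wrong file, still-wrapped archive,
    truncated download, or a different build sharing a fuzzy hash).
    """
    actual = compute_hashes(data)
    result = {name: actual[name] == value.lower() for name, value in expected.items()}
    if expected_size is not None:
        result["size"] = len(data) == expected_size
    return result


def is_verified(result: dict) -> bool:
    """True only when every checked field matched."""
    return all(result.values())


def verify_file(path: str, expected: dict = EXPECTED, expected_size=EXPECTED_SIZE) -> dict:
    """Convenience wrapper: read a file from disk and verify it."""
    with open(path, "rb") as fh:
        return verify_sample(fh.read(), expected, expected_size)


if __name__ == "__main__":
    # Constructed stand-in; the real sample is not embedded here, so every
    # field is expected to come back False.
    stand_in = b"MZ" + b"\x00" * 62 + b"constructed stand-in, not the real sample"
    report = verify_sample(stand_in, EXPECTED, EXPECTED_SIZE)
    for field, ok in report.items():
        print(f"{field:9s} {'match' if ok else 'MISMATCH'}")
    print("verified" if is_verified(report) else "NOT the sample this entry describes")
```

Run `verify_file("/path/to/extracted/sample")` on the unpacked file, not on the archive you downloaded; a size mismatch with all digests failing is the usual sign that the wrapper is still in place.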

Intelligence

File Origin
# of uploads: 1
# of downloads: 225
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: SecuriteInfo.com.Win32.BackdoorX-gen.17168.24221
Verdict: Malicious activity
Analysis date: 2022-11-17 10:36:02 UTC
Tags: installer trojan

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:
Behaviour:
  Creating synchronization primitives
  Creating a window
  Sending a custom TCP request

Result
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: keylogger overlay

Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature:
  Machine Learning detection for sample
  Multi AV Scanner detection for submitted file

Result
Threat name: Win32.Backdoor.Remcos
Status: Malicious
First seen: 2022-11-17 10:37:09 UTC
File Type: PE (Exe)
Extracted files: 103
AV detection: 24 of 26 (92.31%)
Threat level: 5/5

Result
Malware family: modiloader
Score: 10/10
Tags: family:modiloader trojan
Behaviour:
  ModiLoader Second Stage
  ModiLoader, DBatLoader

Result
Verdict: Informative
Tags: n/a
YARA: n/a

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments