MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1e6ee19a985c67d167781cb065ce16b65bb44202b3d2f7c4552169684b4618b8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BazaLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1e6ee19a985c67d167781cb065ce16b65bb44202b3d2f7c4552169684b4618b8
SHA3-384 hash: b03cfb92c4ce6d625c390612e765ec52ba077f3d20ab16767a99977e8c09b6d95d1bf5e8223b3213127e8bab91eb199d
SHA1 hash: 353fdd29f52771767099ab7f9e4c85a3be0d11ba
MD5 hash: 7607c39424373a675d559d36a2faabba
humanhash: lima-red-yellow-table
File name:7607c39424373a675d559d36a2faabba.exe
Download: download sample
Signature BazaLoader
Create hunting rule
File size:1'115'951 bytes
First seen:2021-02-04 12:25:36 UTC
Last seen:2021-02-04 13:46:49 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 7a6929e0f1fff8ae01a43399d3409b77 (4 x BazaLoader)
ssdeep 3072:xwEqGy+3gxEKzPxkx6WSzVmbPPz8sMIAwVAxaokNBeQpVv+UK5EWtC:xxZJKEKzPxE3PPQsWw6hkOdp
Threatray 5 similar samples on MalwareBazaar
TLSH 1A357B53A25825F6E8B3877888504502FFB3B4B15B349B5F8A78427A4F273907E6DF60
Reporter abuse_ch
Tags:BazaLoader exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
119
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
7607c39424373a675d559d36a2faabba.exe
Verdict:
No threats detected
Analysis date:
2021-02-04 12:30:28 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/43991475-094b-4246-b8dc-0e86d7b4e133

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
BazaLoader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/115621/
Detection(s):
PUA.Win.Trojan.Generic-6629274-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Bazar Loader
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/599185
Signature
Allocates memory in foreign processes
Contains functionality to inject code into remote processes
Detected Bazar Loader
Injects a PE file into a foreign processes
Machine Learning detection for sample
Modifies the context of a thread in another process (thread injection)
Multi AV Scanner detection for submitted file
Sample uses process hollowing technique
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Writes to foreign memory regions
Yara detected Bazar Loader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1e6ee19a985c67d167781cb065ce16b65bb44202b3d2f7c4552169684b4618b8/
Threat name:
Win64.Backdoor.Mozaakai
Create hunting rule
Status:
Malicious
First seen:
2021-02-04 12:26:09 UTC
AV detection:
26 of 48 (54.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dzxodguylrt5cz3ydsygltqwwzn3iqqcwpjpprcvefuwqs2gdc4a._file
Verdict:
unknown
Similar samples:
4657e61a965ee1bac9c04ece5069ff919883fa90871e0be9e9dc2d2f61d6d042
BazaLoader
48c0c8813d15f6e83c5cd70710b9b9b42e030fd3440a6e1e9ae01b357f8071d6
BazaLoader
7a51872b8369ac8cc85e0f1a76e8706cf91de1a4b50758c939cdfd63605ed254
BazaLoader
a507c80819c6de957d0fba1cc84256dacdfe35588c2d8587da6acaa750e767b3
BazaLoader
aa59d62502b9b66c39b5f8a4d7905ba6ca72a7093f5a520456cb3c6cb22cd908
BazaLoader
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210204-wv4j2hkyee/
Unpacked files
SH256 hash:
1e6ee19a985c67d167781cb065ce16b65bb44202b3d2f7c4552169684b4618b8
MD5 hash:
7607c39424373a675d559d36a2faabba
SHA1 hash:
353fdd29f52771767099ab7f9e4c85a3be0d11ba
Link:
https://www.unpac.me/results/a13f375a-07d2-4bef-9cf5-df42452f3a8f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Bazar
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1e6ee19a985c67d167781cb065ce16b65bb44202b3d2f7c4552169684b4618b8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

BazaLoader

Executable exe 1e6ee19a985c67d167781cb065ce16b65bb44202b3d2f7c4552169684b4618b8

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/989715/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/115621/

Comments