MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 26f3b97dfdcffc516a890f5e0bd3539c63603c26bea8298e7376ab9f9b53433a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: BazaLoader
Vendor detections: 9



SHA256 hash: 26f3b97dfdcffc516a890f5e0bd3539c63603c26bea8298e7376ab9f9b53433a
SHA3-384 hash: 59e3c5e1501cd06e14b1e49adf81b7d1f9a1447961b87b1a78b4843951bb2e5e5d4e93429162164192fefa0d56b9b1ff
SHA1 hash: 9b0061a53b5e2e6bdb30edb55eafc8ea89ac9fc6
MD5 hash: 7484d7f01dc2ddb30a6e3027389d53a6
humanhash: missouri-orange-oscar-magnesium
File name: FQ4jzOGrg6udVQoV9d7S.dexored
Signature: BazaLoader
File size: 189'440 bytes
First seen: 2021-07-07 15:25:15 UTC
Last seen: 2021-07-07 15:48:49 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: aade7ba79f860dd3dec2afa9daec4f42 (2 x BazaLoader)
ssdeep: 3072:ZfkkLfel75uouLeviqlFXr9Gu3ttrk1h6FDa0zzQxEtt9Q9jBu/vmOTMrTdGuUav:lkkyXEattQ1h6HQuto9F6k0uUa2YGZU/
Threatray: 908 similar samples on MalwareBazaar
TLSH: T1B4048D11FB83C0B5DD6708B054E0A53ECD383D144578AEEBDF908F6E9F242618E39A5A
Reporter: Racco42
Tags: BazaLoader dexored exe

Intelligence

File Origin
# of uploads: 2
# of downloads: 170
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: FQ4jzOGrg6udVQoV9d7S.dexored
Verdict: Suspicious activity
Analysis date: 2021-07-07 15:29:49 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Behaviour
Behavior Graph ID: 445377
Sample: FQ4jzOGrg6udVQoV9d7S.dexored
Start date: 07/07/2021
Architecture: WINDOWS
Score: 48
Behavior graph contents (process tree recovered from the graph figure):
    Signature: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
    FQ4jzOGrg6udVQoV9d7S.exe started
        Network: 3.223.125.168, 443, 49743, 49748 (AMAZON-AES, United States)
        cmd.exe started
            conhost.exe started
        cmd.exe started
            conhost.exe started
Threat name: Win32.Trojan.Bazarbackdoor
Status: Malicious
First seen: 2021-07-07 15:34:38 UTC
AV detection: 13 of 46 (28.26%)
Threat level: 5/5

Result
Malware family: bazarbackdoor
Score: 10/10
Tags: family:bazarbackdoor backdoor
Behaviour
Suspicious use of WriteProcessMemory
BazarBackdoor
Unpacked files
SHA256 hash: 26f3b97dfdcffc516a890f5e0bd3539c63603c26bea8298e7376ab9f9b53433a
MD5 hash: 7484d7f01dc2ddb30a6e3027389d53a6
SHA1 hash: 9b0061a53b5e2e6bdb30edb55eafc8ea89ac9fc6
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other
