MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 2c2070acd612d96b786e7f8e5ace1fa0965649d4da600936b9f99bf79e331a72. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
BazaLoader
Vendor detections: 9
| SHA256 hash: | 2c2070acd612d96b786e7f8e5ace1fa0965649d4da600936b9f99bf79e331a72 |
|---|---|
| SHA3-384 hash: | 4e5a21d22d8c7fb19f5692d53032f01c23fa9ae5f47250267b601977590e5daa9277a7492ce5cd8049cf36ed9c257ab6 |
| SHA1 hash: | bfe6656b66937c29eca1870f23d0077219d1e5dc |
| MD5 hash: | 006a3070d15f0cb6ae1ea39b510983bb |
| humanhash: | oranges-social-table-utah |
| File name: | DH-1642509211.xll |
| Download: | download sample |
| Signature | BazaLoader |
| File size: | 1'816'064 bytes |
| First seen: | 2022-01-18 12:55:43 UTC |
| Last seen: | 2022-01-18 15:04:25 UTC |
| File type: |  xll |
| MIME type: | application/x-dosexec |
| imphash | f30f2b5b65c947eccbf132b668fe3257 (43 x BazaLoader, 12 x IcedID) |
| ssdeep | 24576:ja1QHwgJMrQqj/wAc6QORNx2nAjwkaBm0GV9igWQlnwXwBwfaljN1X4GtZ+FdnZs:knEKFIhMd8A |
| Threatray | 3 similar samples on MalwareBazaar |
| TLSH | T17985FE43180C819F9867D77421671D97EEB87E47F2C84E1ED1E428B84AEBDA674CA04F |
| Reporter |  ffforward |
| Tags: | BazaLoader BazarLoader wp-roilbask wproilbask xll |
Intelligence
File Origin
# of uploads :
2
# of downloads :
238
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Result
Verdict:
Malicious
File Type:
Office Add-Ins - Suspicious
Verdict:
Malicious
Threat level:
10/10
Confidence:
100%
Tags:
rundll32.exe
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name:
Win64.Spyware.Bazarloader
Status:
Malicious
First seen:
2022-01-18 12:20:22 UTC
File Type:
PE+ (Dll)
Extracted files:
1
AV detection:
18 of 28 (64.29%)
Threat level:
2/5
Detection(s):
Suspicious file
Verdict:
malicious
Result
Malware family:
bazarloader
Score:
10/10
Tags:
family:bazarloader dropper loader
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Loads dropped DLL
Bazar/Team9 Loader payload
Bazar Loader
Process spawned unexpected child process
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method
Distributed via e-mail link
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.