MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e8fabb2630aa1cb967d2833917ee7b67c95277ac7fe4ecc25d36cdc670abf95. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



BazaLoader


Vendor detections: 7



SHA256 hash: 2e8fabb2630aa1cb967d2833917ee7b67c95277ac7fe4ecc25d36cdc670abf95
SHA3-384 hash: 1aee49ca0a6cf5977df132c97413bcf6906d82bfd48f691886f91accda9b9a05b45be3cdf0a3542d6a6980c6e3418c7f
SHA1 hash: d7dd166f3f07e6d5c7bc3814b2d8296fffd34fbc
MD5 hash: c23981db7450866c914311f83330814e
humanhash: robin-foxtrot-avocado-alabama
File name: currCurr.jpg.exe
Signature: BazaLoader
File size: 274'944 bytes
First seen: 2021-09-13 15:58:35 UTC
Last seen: 2021-09-13 17:23:20 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 4ac44c0b885b3af7e07244f7940d0e3e (1 x BazaLoader)
ssdeep: 6144:vTiRJZWsO4f71A/pUVG5nQ3q3ZN9/RoKPfKP1a5D+4lokohSDO:b7shp6H5Q3q3ZPZoKPyPK+4lpo
Threatray: 10 similar samples on MalwareBazaar
TLSH: T117446A1861DE99E8F923913C89638E13D67178490778CAFF03F489B61F939A27939F11
Reporter: AndreGironda
Tags: BazaLoader BazarBackdoor exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 199
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: currCurr.jpg.exe
Verdict: No threats detected
Analysis date: 2021-09-13 16:01:09 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware
Malware family: BazarBackdoor
Verdict: Malicious
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 60 / 100
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Uses an obfuscated file name to hide its real file extension (double extension)
Threat name: Win64.Trojan.BazarLoader
Status: Malicious
First seen: 2021-09-13 15:59:14 UTC
AV detection: 18 of 28 (64.29%)
Threat level: 5/5
Result
Malware family: bazarbackdoor
Score: 10/10
Tags: family:bazarbackdoor
Unpacked files
SHA256 hash: 2e8fabb2630aa1cb967d2833917ee7b67c95277ac7fe4ecc25d36cdc670abf95
MD5 hash: c23981db7450866c914311f83330814e
SHA1 hash: d7dd166f3f07e6d5c7bc3814b2d8296fffd34fbc
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: BEERBOT_V4
Rule name: BEERBOT_V4

File information


The table below shows additional information about this malware sample such as delivery method and external references.

f692de5772c7123c84cbcf3cbd8177e321b2e6252b25491f91126c432bc6bb87

BazaLoader

Executable exe 2e8fabb2630aa1cb967d2833917ee7b67c95277ac7fe4ecc25d36cdc670abf95

(this sample)
