MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ea200ef4d55ec4a99a4ef59abcdbc3f2d65e627ba8230fb44cd4e00a665b454. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DBatLoader
Vendor detections: 11

SHA256 hash: 2ea200ef4d55ec4a99a4ef59abcdbc3f2d65e627ba8230fb44cd4e00a665b454
SHA3-384 hash: b04ff279b7f8c7d548c33b526a942bcec3dd7193f4164a83cc6907d414b0ad9e9b81e4628bb95e49dfbf7e529813a10f
SHA1 hash: 7eedf3f0b41efb0daf99b4dd7d20de8e1b13db98
MD5 hash: 756c03110254f7d0d2002a813f2749a0
humanhash: texas-jupiter-lion-two
File name: SecuriteInfo.com.Variant.Zusy.433412.11119.31541
Signature: DBatLoader
File size: 751'616 bytes
First seen: 2022-07-20 02:48:54 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: a1fe30710cd81c908b0878e166e653d4 (2 x DBatLoader, 2 x RemcosRAT, 1 x Formbook)
ssdeep: 12288:mDVyc7hRZ/ksbXlwv/qcAD/reQynzySzQrtVSX3x7FRSRjAf2rDNtl2aCHVVzHg:O9j1ksXev/qcADPyzySzWtVSn52pAf2s
Threatray: 1'538 similar samples on MalwareBazaar
TLSH: T164F49F25E7F1CE33C16E163E8D5B72A55C2D7E202929F88A2AE43D4C5FF964134292D3
TrID:
  26.5% (.EXE) Win32 Executable Delphi generic (14182/79/4)
  24.5% (.SCR) Windows screen saver (13101/52/3)
  19.7% (.EXE) Win64 Executable (generic) (10523/12/4)
  8.4% (.EXE) Win32 Executable (generic) (4505/5/1)
  5.6% (.MZP) WinArchiver Mountable compressed Archive (3000/1)
dhash icon: 27d0d8d6d6d8d023 (11 x RemcosRAT, 6 x DBatLoader, 5 x ModiLoader)
Reporter: SecuriteInfoCom
Tags: DBatLoader, exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 190
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
  Searching for the window
  Creating synchronization primitives
  Creating a window
  DNS request
  Sending a custom TCP request

Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour:
  MalwareBazaar
  CheckScreenResolution
  CheckCmdLine
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: greyware, keylogger, obfuscated, packed

Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature: Multi AV Scanner detection for submitted file

Threat name: Win32.Trojan.Remcos
Status: Malicious
First seen: 2022-07-20 00:55:59 UTC
File Type: PE (Exe)
Extracted files: 40
AV detection: 19 of 26 (73.08%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Unpacked files
SHA256 hash: e5cee39f56c43d207f40862077d5b015e62929ff21f9de4e45c3b958c8947770
MD5 hash: 0de7dbbda445e257c9169774b9a8000b
SHA1 hash: 23ab78a6fdd513f2b3877efc92a71fe7d44db0db

SHA256 hash: 2ea200ef4d55ec4a99a4ef59abcdbc3f2d65e627ba8230fb44cd4e00a665b454
MD5 hash: 756c03110254f7d0d2002a813f2749a0
SHA1 hash: 7eedf3f0b41efb0daf99b4dd7d20de8e1b13db98
(The second entry carries the same SHA256, MD5 and SHA1 as the submitted sample listed at the top of this entry, so only one distinct unpacked file, e5cee39f..., is new.)
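As an added example, not code from the MalwareBazaar page or from the abuse.ch project, the following Python script shows how an analyst would use the identifiers above during triage: it computes the four cryptographic digests the entry lists (MD5, SHA1, SHA256, SHA3-384), checks them against the SHA256/SHA1/MD5 IOCs of both the submitted sample and its unpacked file, and reads the PE COFF Machine field to settle the Win32/Win64 question that the TrID percentages leave open. The IOC values are copied from this entry; the MZ/PE stub the demo hashes is constructed test input, not sample content; ssdeep, TLSH, imphash and dhash are deliberately not computed because they require third-party libraries.

```python
import hashlib
import struct

# IOC hashes copied from this MalwareBazaar entry: the submitted sample
# (2ea200ef...) and the unpacked file it drops (e5cee39f...).
MALWAREBAZAAR_IOCS = {
    "sha256": {
        "2ea200ef4d55ec4a99a4ef59abcdbc3f2d65e627ba8230fb44cd4e00a665b454",
        "e5cee39f56c43d207f40862077d5b015e62929ff21f9de4e45c3b958c8947770",
    },
    "sha1": {
        "7eedf3f0b41efb0daf99b4dd7d20de8e1b13db98",
        "23ab78a6fdd513f2b3877efc92a71fe7d44db0db",
    },
    "md5": {
        "756c03110254f7d0d2002a813f2749a0",
        "0de7dbbda445e257c9169774b9a8000b",
    },
}

# The four cryptographic digests MalwareBazaar lists per sample.
HASH_ALGORITHMS = ("md5", "sha1", "sha256", "sha3_384")

# PE COFF Machine values from the PE/COFF specification.
PE_MACHINES = {0x014C: "x86", 0x8664: "x64", 0x01C0: "ARM", 0xAA64: "ARM64"}


def hash_bytes(data: bytes) -> dict:
    """Hex digests of an in-memory buffer for every algorithm in HASH_ALGORITHMS."""
    return {name: hashlib.new(name, data).hexdigest() for name in HASH_ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests for a file on disk, streamed so large droppers need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in HASH_ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: dict, iocs: dict = MALWAREBAZAAR_IOCS) -> dict:
    """Return {algorithm: digest} for each digest present in the IOC set.

    Comparison is case-insensitive because feeds and sandboxes disagree on hex case.
    """
    hits = {}
    for algo, value in digests.items():
        known = {v.lower() for v in iocs.get(algo, ())}
        if value.lower() in known:
            hits[algo] = value.lower()
    return hits


def pe_machine(data: bytes):
    """Architecture name from the PE COFF Machine field, or None if data is not a PE.

    TrID cannot decide between Win32 and Win64 from byte statistics; the header can:
    MZ magic, e_lfanew at offset 0x3C, the 4-byte PE signature, then the 16-bit Machine.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]
    return PE_MACHINES.get(machine, f"unknown(0x{machine:04x})")


def build_fake_pe_stub(machine: int = 0x014C) -> bytes:
    """Constructed test input: a 70-byte MZ header with e_lfanew=0x40, a PE signature
    and a Machine field. It is not an executable and contains no sample content."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\0\0" + struct.pack("<H", machine)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                      # real use: python triage.py suspect.exe
        digests = hash_file(sys.argv[1])
        with open(sys.argv[1], "rb") as fh:    # headers sit in the first page of any real PE
            arch = pe_machine(fh.read(0x1000))
    else:                                      # offline demo on the constructed stub
        stub = build_fake_pe_stub()
        digests, arch = hash_bytes(stub), pe_machine(stub)
    for name, value in digests.items():
        print(f"{name:9}{value}")
    print("PE machine:", arch)
    print("MalwareBazaar IOC hits:", match_iocs(digests) or "none")
```

A hit on any one algorithm is enough to tie a file to this entry; the MD5 and SHA1 columns are kept only because many older feeds and AV logs still key on them, and the SHA3-384 is computed so the full MalwareBazaar record can be reproduced from a local copy.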
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments