MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 34cc67888cd38da7aeb52508b48ad71287c402aecb72bccca7cbd3a0cd8fe985. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BazaLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 34cc67888cd38da7aeb52508b48ad71287c402aecb72bccca7cbd3a0cd8fe985
SHA3-384 hash: 3c74fc97f0b3215f836b79d3967e3fb2ec9b5572093374d8f581db1bd840ad539e1535718eb2c259ea07406c8bf94a74
SHA1 hash: 100d6f39e83d994ec8e4063802e122e92606b764
MD5 hash: 06f42898d5b2303c0b455d3152ced044
humanhash: illinois-sodium-chicken-delaware
File name:Print_Preview.exe
Download: download sample
Signature BazaLoader
Create hunting rule
File size:257'208 bytes
First seen:2020-09-15 20:34:48 UTC
Last seen:2020-09-16 07:41:02 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 5b0d8dc3184f2da6ccde432a7792fb50 (4 x BazaLoader)
ssdeep 6144:u1QJT9UHWs1rx26N+KwxKngINvssZj73/5pSYsO/d:u1Qq06hbg0vsaEK
Threatray 14 similar samples on MalwareBazaar
TLSH 5844D01763E4B8F9E962DB34C8A58611D73178B216B09B8F1394019E9F632D1AD3DF32
Reporter malware_traffic
Tags:BazaLoader bazar BazarLoader Retalit LLC signed

Code Signing Certificate

Organisation:DigiCert High Assurance EV Root CA
Issuer:DigiCert High Assurance EV Root CA
Algorithm:sha1WithRSAEncryption
Valid from:Nov 10 00:00:00 2006 GMT
Valid to:Nov 10 00:00:00 2031 GMT
Serial number: 02AC5C266A0B409B8F0B79F2AE462577
Intelligence: 204 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 7431E5F4C3C1CE4690774F0B61E05440883BA9A01ED00BA6ABD7806ED3B118CF
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
160
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Feodo
Create hunting rule
Link:
https://www.capesandbox.com/analysis/60995/
Detection(s):
SecuriteInfo.com.generic.ml.13021.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Threat name:
Bazar
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/466964
Signature
Multi AV Scanner detection for domain / URL
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Bazar Backdoor
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/34cc67888cd38da7aeb52508b48ad71287c402aecb72bccca7cbd3a0cd8fe985/
Threat name:
Win64.Trojan.Bazarloader
Create hunting rule
Status:
Malicious
First seen:
2020-09-15 20:36:07 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gtggpcem2og2plvveueljcwxckd4iavoznzlztfhzpj2btmp5gcq._file
Verdict:
malicious
Similar samples:
04ad133967d2076e4ce4cbd04c058ba7e8e3725fb72102e2b1b5de433f44de33
BazaLoader
09557d538aee094d168a4b4fb5174d742fe81dd59dd27e2eee078fb3f10d9017
BazaLoader
18fe9ceab0a17ddc71f7b7a206c1c127d62a0a86c62573b8c018ab562da1fd6e
BazaLoader
467c33cb979804dad154612a808f2ea234f7501f8d36bf610ed457cc48993c49
BazaLoader
54c3e01a3dee75c7137c63a25915b7bec1876a8fc65047eff99b97d9ca6cd5c6
BazaLoader
6f6351e0d8ebf90dc864996ebce30e60e8887f8c7f477fc3bec23806a1def95c
BazaLoader
7f757770f2049c23624a483feb6e9331693ded0dafb9c636f96fe6b9307a704c
BazaLoader
d04bdbff24b1bed41536664bb9696387fc6e88756efa76ecf345937e7cfa014d
BazaLoader
e92d50b6632c11ff8cc4e0d478a1f647c060a97bd9206fb3ae6089104f2e495d
BazaLoader
f6cddc2f46ec3e8dc95b6fe42c6f30745bf0e7d3e9788c35a96199c82fc04f66
BazaLoader
+ 4 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/200915-b3xe211kb6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: RenamesItself
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trickbot
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/34cc67888cd38da7aeb52508b48ad71287c402aecb72bccca7cbd3a0cd8fe985

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

BazaLoader

Executable exe 34cc67888cd38da7aeb52508b48ad71287c402aecb72bccca7cbd3a0cd8fe985

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/60995/
  
URLhaus
https://urlhaus.abuse.ch/url/519977/
  
Delivery method
Distributed via web download

Comments


Avatar
Forty commented on 2020-09-23 13:53:19 UTC


https://www.joesandbox.com/analysis/466753