MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3519764cca01b0ae940c0357718f95351a893967008a2392c5e043eaa7bbfde2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BazaLoader

Vendor detections: 8

SHA256 hash: 3519764cca01b0ae940c0357718f95351a893967008a2392c5e043eaa7bbfde2
SHA3-384 hash: 13b756ba3b0cab42471dcc773e477784430c24f802806244efef9f177106da3c2ba430fd6732702b6e9e8c02bae552c6
SHA1 hash: dc525901c20238a9e22e878c0a6bccdc098147b8
MD5 hash: 91a7b1a06eb6952d69cff84994fd936c
humanhash: seventeen-montana-winner-mobile
File name: 3519764cca01b0ae940c0357718f95351a893967008a2392c5e043eaa7bbfde2.dll
Signature: BazaLoader
File size: 311'821 bytes
First seen: 2021-11-24 18:22:54 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: b01abbf9bba0f1daf3b4d5629e6a666e (4 x BazaLoader)
ssdeep: 6144:bV/R1DGqitdh9BhgnaTyEJle86HEJwDdVU9wGtDW:hJ1DruhmaJl1HJadBMW
Threatray: 68 similar samples on MalwareBazaar
TLSH: T19D64C0117BD48C98DD77027D88B34805DABE2C325B35AADF0A74259E9F6A3C14C3A778
Reporter: Anonymous
Tags: BazaLoader exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 120
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 3519764cca01b0ae940c0357718f95351a893967008a2392c5e043eaa7bbfde2.dll
Verdict: No threats detected
Analysis date: 2021-11-24 21:21:32 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Malware
Maliciousness:

Behaviour
Delayed reading of the file
DNS request
Verdict:
Suspicious
Threat level: 5/10
Confidence:
67%
Tags:
greyware overlay packed
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Signature
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Behaviour
Behavior Graph (ID: 528118; Sample: PSVSotIVGj.dll; Start date: 24/11/2021; Architecture: WINDOWS; Score: 52)
Signatures: Multi AV Scanner detection for submitted file; Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Process tree: loaddll64.exe started iexplore.exe (which started a second iexplore.exe), cmd.exe (which started rundll32.exe), regsvr32.exe, and 3 other processes
Network: loaddll64.exe contacted 162.33.179.96, 443, 49838 (CORENETUS, United States); the child iexplore.exe contacted dart.l.doubleclick.net 216.58.215.230, 443, 49808, 49809 (GOOGLEUS, United States), ad-delivery.net 104.26.3.70, 443, 49806, 49807 (CLOUDFLARENETUS, United States), and 10 other IPs or domains
Threat name:
Win64.Trojan.Generic
Status:
Suspicious
First seen:
2021-11-24 18:23:13 UTC
File Type:
PE+ (Dll)
Extracted files:
2
AV detection:
12 of 44 (27.27%)
Threat level: 5/5
Result
Malware family:
bazarloader
Score: 10/10
Tags:
family:bazarloader dropper loader
Behaviour
Bazar/Team9 Loader payload
Bazar Loader
Unpacked files
SHA256 hash: 3519764cca01b0ae940c0357718f95351a893967008a2392c5e043eaa7bbfde2
MD5 hash: 91a7b1a06eb6952d69cff84994fd936c
SHA1 hash: dc525901c20238a9e22e878c0a6bccdc098147b8
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments