MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 390145df647bf727bd629c4c4c77a211c0776f6b03eec501c35c377ed520165c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BazaLoader

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	390145df647bf727bd629c4c4c77a211c0776f6b03eec501c35c377ed520165c
SHA3-384 hash:	672a6f912c25c59d5e1c5241d4f345e05a2c1ae159a886974d09316eabb8880d789db47212904c748ec46bc8238eb04b
SHA1 hash:	94411a43f529e7918583fe38b3c01a98677b5ab8
MD5 hash:	a596169960aeede1bab8ee6fea3cac49
humanhash:	july-may-nevada-jersey
File name:	hut10.dll
Download:	download sample
Signature	BazaLoader Create hunting rule
File size:	295'552 bytes
First seen:	2021-08-12 16:27:43 UTC
Last seen:	2021-08-12 17:42:27 UTC
File type:	exe
MIME type:	application/x-dosexec
ssdeep	3072:p6QlU5T0+vk+wYDgN3XwmbvV4Ynnbe9rhNifQMpnIjZ9jAPUn4CbwKL0Fo3dgqTx:pXEwZSZeKZVA6BNL0F1h31eMgIf0
Threatray	53 similar samples on MalwareBazaar
TLSH	T117545BA8A144D4CBF9E7ACBCDAE8B3E6F4B67F350F25C1D36EB044115A202919D1A713
Reporter	James_inthe_box
Tags:	BazaLoader dll exe

Intelligence

File Origin

# of uploads :

# of downloads :

202

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

hut10.dll

Verdict:

No threats detected

Analysis date:

2021-08-12 16:30:19 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/99716a0e-c792-49b9-ba58-8e3be5faea63

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/178781/

Detection(s):

SecuriteInfo.com.Trojan.Bazar.16.14255.31473.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Transferring files using the Background Intelligent Transfer Service (BITS)

Connection attempt

Launching a process

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

TA551

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/38e0c10e-31e7-4b33-9454-e085e6f3366c

Result

Threat name:

Bazar Loader

Detection:

malicious

Classification:

spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/831948

Signature

Allocates memory in foreign processes

Contains functionality to inject code into remote processes

Detected Bazar Loader

Injects a PE file into a foreign processes

Modifies the context of a thread in another process (thread injection)

Multi AV Scanner detection for submitted file

Sample uses process hollowing technique

Sigma detected: CobaltStrike Load by Rundll32

Sigma detected: Regsvr32 Command Line Without DLL

Sigma detected: Suspicious Svchost Process

System process connects to network (likely due to code injection or exploit)

Writes to foreign memory regions

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/390145df647bf727bd629c4c4c77a211c0776f6b03eec501c35c377ed520165c/

Threat name:

Win64.Trojan.Convagent

Status:

Malicious

First seen:

2021-08-12 16:27:37 UTC

File Type:

PE+ (Dll)

AV detection:

10 of 46 (21.74%)

Threat level:

5/5

Verdict:

suspicious

BazaLoader

8c281412e64050c64d1e734d844ecc6a94e7187378365d5d9ade89e67871d20e

BazaLoader

986d22f03f04424181bc773a42db6283722baffe40b031d97c9562ab0ed8a6ae

BazaLoader

a701108be3d3802eba7c79c5c68afc0fee833595cdada8df5ac02ef9b97d2ad1

BazaLoader

bc8407aa092b9b316e72b6082699dd1432521f739eacfb57109bb1d759d89802

BazaLoader

cbf60d6fa0473f1a0290e278479a1786daea784d7dc2a63198292f7a9ec1a2a1

BazaLoader

e04c5bfeda44a81b6c820bf89515ab98bce767728c34919bed27a2767926a514

BazaLoader

fd001fb71e9faa68c6e53162ed0554fd6f16a0e381aa280cea397b3d74bb62eb

BazaLoader

+ 43 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210812-rjdhnm2rzs/

Unpacked files

SH256 hash:

390145df647bf727bd629c4c4c77a211c0776f6b03eec501c35c377ed520165c

MD5 hash:

a596169960aeede1bab8ee6fea3cac49

SHA1 hash:

94411a43f529e7918583fe38b3c01a98677b5ab8

Link:

https://www.unpac.me/results/a04feabc-e81f-4947-af25-d2844362c202/

Malware family:

BazarLoader

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/390145df647b/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.14

Link:

https://yomi.yoroi.company/submissions/390145df647bf727bd629c4c4c77a211c0776f6b03eec501c35c377ed520165c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Cape

https://www.capesandbox.com/analysis/178781/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample