MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3ec403417f1663645d13e9975854ca5df4a2b41273696a79236a1513947b02d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



BuerLoader


Vendor detections: 7



SHA256 hash: 3ec403417f1663645d13e9975854ca5df4a2b41273696a79236a1513947b02d1
SHA3-384 hash: d1a0ebd64ec1f1a2977fa44b9d5153e574a92792d19fbb67b769f5db6edc13c1c1f48ebb1fe81d4171af960769184dd5
SHA1 hash: a35a7370aa6ae55a437427a2110aa845bb69d6bd
MD5 hash: fd5d8530f9dc89be745b2ab339a7b29b
humanhash: summer-papa-wolfram-kitten
File name: SecuriteInfo.com.Generic.mg.fd5d8530f9dc89be.7866
Signature: BuerLoader
File size: 841'960 bytes
First seen: 2020-10-01 23:36:36 UTC
Last seen: 2020-10-03 03:41:37 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 6294ffee2618fddb85957c3897cf1b64 (2 x BuerLoader)
ssdeep: 12288:D0nLEc50OzEYmYK1tnYVWR50XoEr+MAHAkei1rsi:D0Y7YmYKrYVG0YErugkN
Threatray: 5 similar samples on MalwareBazaar
TLSH: 8205C1A2B2E1E135D3B7067329A8BDF003B65D08D9216555A9FCF9D72522CE33BC05CA
Reporter: SecuriteInfoCom
Tags: BuerLoader

Code Signing Certificate

Organisation: DigiCert High Assurance EV Root CA
Issuer: DigiCert High Assurance EV Root CA
Algorithm: sha1WithRSAEncryption
Valid from: Nov 10 00:00:00 2006 GMT
Valid to: Nov 10 00:00:00 2031 GMT
Serial number: 02AC5C266A0B409B8F0B79F2AE462577
Intelligence: 204 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint algorithm: SHA256
Thumbprint: 7431E5F4C3C1CE4690774F0B61E05440883BA9A01ED00BA6ABD7806ED3B118CF
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
Number of uploads: 4
Number of downloads: 110
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Suspicious
Maliciousness:

Behaviour
Sending a UDP request
Launching a process
Creating a process with a hidden window
Forced system process termination
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 72 / 100
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to inject code into remote processes
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Threat name: Win32.Trojan.Bazaloader
Status: Malicious
First seen: 2020-10-01 21:21:59 UTC
File type: PE (Exe)
Extracted files: 30
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates connected drives
Unpacked files
SHA256 hash: 3ec403417f1663645d13e9975854ca5df4a2b41273696a79236a1513947b02d1
MD5 hash: fd5d8530f9dc89be745b2ab339a7b29b
SHA1 hash: a35a7370aa6ae55a437427a2110aa845bb69d6bd

SHA256 hash: be70a9319d45501ed5660725ea4efc8e688bf24d8f03b50abac60c9664b848bb
MD5 hash: 2a93501e05667491529a9cc8980ef00f
SHA1 hash: 888f9514b285382462673c39c982dfa08034c698
Detections: win_buer_g0

SHA256 hash: 50ce7f7cc86ae85a4f1024ac00bff3f4eb361d0659082d9282ac0d58e6853a1a
MD5 hash: 9d53e45825fb173938acb1318061847e
SHA1 hash: c29ec4914dbbc0ef18e69a5cf830e886063c2e40
Detections: win_buer_g0
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: BuerLoader
File: Executable exe 3ec403417f1663645d13e9975854ca5df4a2b41273696a79236a1513947b02d1 (this sample)

Delivery method: Distributed via web download

Comments