MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4294a73a1d708f475bc957ed10e04b6dbfb238a50a963c0a5393f35bcd9d9d7e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BazaLoader
Vendor detections: 8



SHA256 hash: 4294a73a1d708f475bc957ed10e04b6dbfb238a50a963c0a5393f35bcd9d9d7e
SHA3-384 hash: 92400c5eac374d2626f24962d8c3620b1c2045006353ec68aa7f341706738fbe371167df41724745aa05fad4e8f44b6d
SHA1 hash: ad7efb2e94629c79794ac0074ae49ab94d612b9c
MD5 hash: e8fdb64b84efa1ceec8c55321126efa2
humanhash: video-zebra-edward-tennessee
File name: 322.exe
Signature: BazaLoader
File size: 165'888 bytes
First seen: 2020-10-26 14:29:05 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: d7fde2c86f22b444d8f9158d72154c65 (1 x BazaLoader)
ssdeep: 3072:RND4v/y/EO44BP846S0t5FbX8h1DHspXRVB:RNTDB76h3X8s7
Threatray: 185 similar samples on MalwareBazaar
TLSH: 6DF36B0AB25626FAD56383B84C22821AFFB775601B148FDF436407356E262D57E3DFA0
Reporter: James_inthe_box
Tags: BazaLoader exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 98
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour
Transferring files using the Background Intelligent Transfer Service (BITS)
DNS request
Sending a custom TCP request
Sending a UDP request
Launching cmd.exe command interpreter
Unauthorized injection to a system process

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Behaviour
Behavior Graph ID: 305146
Sample: 322.exe
Startdate: 26/10/2020
Architecture: WINDOWS
Score: 48
Signatures: Multi AV Scanner detection for submitted file
Processes: 322.exe (started twice), WerFault.exe, cmd.exe
Network: uiyplk.xyz 54.236.241.94, 443, 49727, 49729 AMAZON-AESUS United States; 192.168.2.1 unknown unknown
Result
Threat name: Win64.Trojan.BazarLoader
Status: Malicious
First seen: 2020-10-26 14:28:55 UTC
File Type: PE+ (Exe)
Extracted files: 1
AV detection: 24 of 29 (82.76%)
Threat level: 5/5
Result
Malware family: bazarbackdoor
Score: 10/10
Tags: backdoor family:bazarbackdoor
Behaviour
Modifies system certificate store
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Blacklisted process makes network request
BazarBackdoor
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
