MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 447a0ab1979dfe2b0d3ebd7082dec8ad9fba6c8a34bef39217fa4f2c6073c5d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 447a0ab1979dfe2b0d3ebd7082dec8ad9fba6c8a34bef39217fa4f2c6073c5d8
SHA3-384 hash: f265fa25d4e06f50f471e7604923b458617ef96f6d580cb3953aff6ea74ce18cde10bba415b46a83993e86a5081b55b6
SHA1 hash: 9869bad26e3c332bd4a33dbfa7b54a078487cb13
MD5 hash: 65b3bcf97047fba408f3e4e5a76bb544
humanhash: harry-sink-cola-magnesium
File name:447a0ab1979dfe2b0d3ebd7082dec8ad9fba6c8a34bef39217fa4f2c6073c5d8
Download: download sample
File size:174'080 bytes
First seen:2021-06-16 23:30:32 UTC
Last seen:2021-06-17 01:13:08 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 202c02a7af47499f175766540b9f48a6
ssdeep 3072:wQnN4jWQg1yJlGLpNb1FxMxRYWtTc9os7fbcfICrG3fp1AeQFakhA:wQnN03g1sApjFixRYW9c9oCcldDFak
Threatray 8 similar samples on MalwareBazaar
TLSH FB04AE8873DD367FDA748BB80D365E67ABF1BD1B3400675C07A4E7A1222E639B217904
Reporter Anonymous
Tags:exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
104
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
447a0ab1979dfe2b0d3ebd7082dec8ad9fba6c8a34bef39217fa4f2c6073c5d8
Verdict:
No threats detected
Analysis date:
2021-06-16 23:32:26 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/85ae3725-8422-4f7e-9ed4-87ef9fdd1443

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Trojan.Win32.Save.a.26071.10175.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
BazarLoader
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/11cd9562-9781-49ce-b382-6f2765c66c38
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/803405
Signature
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Modifies the context of a thread in another process (thread injection)
Multi AV Scanner detection for submitted file
Sample uses process hollowing technique
Sigma detected: CobaltStrike Load by Rundll32
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/447a0ab1979dfe2b0d3ebd7082dec8ad9fba6c8a34bef39217fa4f2c6073c5d8/
Verdict:
malicious
Similar samples:
0404cb08ca7bce5b44670d8871e626a70d03d18a48efdaeb8bb5cde45a5beb71
0fb0c5adab8984099449d207c2513cdd18d62d795e761cf4d3a70df6b2a0973b
1a82ee0d5a11d5431581aa185cee32ab29103083a65e5ddaffed04809b16137c
210c46aae3d71ecbac79447d124d895dded804c08342b17258cd4b400b0bebe0
6c6939f72d85a8d97f4aa81c53d02dccca16e6deff4a2a3eb017ea374713aace
9c3cfeccfffba1fe5b1b69a5784e3d2832a35aebd0998efb48877ae766708691
9eefae4b7a4bd95ddd0f411fee8bf9b7e3c4a521064d2c14c77612b5f5e68707
fea4f9bef08bc96706182b62d1ebcd4aeacaee3fb91f52dee31fd0838b8386ac
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210616-sb6pww2pk6/
Behaviour
Delays execution with timeout.exe
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Blocklisted process makes network request
Unpacked files
SH256 hash:
447a0ab1979dfe2b0d3ebd7082dec8ad9fba6c8a34bef39217fa4f2c6073c5d8
MD5 hash:
65b3bcf97047fba408f3e4e5a76bb544
SHA1 hash:
9869bad26e3c332bd4a33dbfa7b54a078487cb13
Link:
https://www.unpac.me/results/d94c9b57-201a-44b3-bb17-82d50eadc4ba/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/447a0ab1979dfe2b0d3ebd7082dec8ad9fba6c8a34bef39217fa4f2c6073c5d8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments