MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a3dc99f99af4f2d8bd707a4163886df47cbdf6934856c416785010334412043. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BazaLoader


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4a3dc99f99af4f2d8bd707a4163886df47cbdf6934856c416785010334412043
SHA3-384 hash: ce79af30a9eec3d64d6a54091cc0fc791e73749a0b0424c91910d9cb5f2207f69f656d6a9ab8fafb42f7ca652ab8fcb4
SHA1 hash: f2077a96a8015f19fa21ca27b8203aa999aac2d5
MD5 hash: c18acf443a95d2f705fa3c8e0477622d
humanhash: lake-mexico-oranges-winner
File name:c18acf443a95d2f705fa3c8e0477622d.dll
Download: download sample
Signature BazaLoader
Create hunting rule
File size:349'322 bytes
First seen:2021-10-21 18:03:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8fc81352ac718681e376edb5b78a04b3 (5 x BazaLoader)
ssdeep 6144:u55lc2c9mVV7pM3RRVru0hoy4Ip9b/mOawHSjQr:u555c9A2DVru0hoy3p9SVjC
Threatray 58 similar samples on MalwareBazaar
TLSH T18F746CA1A5D13990E9C2D87E861BB372EA4B54332FA1E0C271A70BD3452F4D5DF52E23
Reporter abuse_ch
Tags:BazaLoader dll exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
176
Origin country :
n/a
Vendor Threat Intelligence
Detection:
BazarV5
Create hunting rule
Link:
https://www.capesandbox.com/analysis/199161/
Detection(s):
SecuriteInfo.com.Suspicious.Win32.Save.a.18022.2906.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
overlay
Link:
https://www.filescan.io/uploads/6171ab95db358dd15ecf392f/reports/4ec9fdeb-f24e-4b87-92f9-f30017f9f219/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/65ce94be-3d8b-49ab-bedd-9c20f46c1f52
Result
Threat name:
Bazar Loader
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/874806
Signature
Allocates memory in foreign processes
Detected Bazar Loader
Injects a PE file into a foreign processes
Modifies the context of a thread in another process (thread injection)
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4a3dc99f99af4f2d8bd707a4163886df47cbdf6934856c416785010334412043/
Threat name:
Win64.Trojan.AgentAGen
Create hunting rule
Status:
Malicious
First seen:
2021-10-21 18:04:10 UTC
AV detection:
9 of 28 (32.14%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ji64th4zv5hs3c6xa6sbmoeg35d4xx3jgscwyqlhquaqgncbebbq._file
Verdict:
malicious
Similar samples:
081409dbf0464baad30442d3f8cea67c885e15e438b0f6dbf9c64da67620eaa1
BazaLoader
1298c6133f76de5491828ab2eac13325c21249a1329c971f6b60e7ed85827280
BazaLoader
4374f12287c158cc6e9421640b459455307e471711cc41f5666a1cbc553a3eb3
BazaLoader
7fbde30e24755e328101e5705cfd1673dc8653ec17fe23fbbccb21b2accc66bd
BazaLoader
aa2cb7c438568cb9baf184532b6bda4677cd3bb9f22f8d3e65e22588eeace26f
BazaLoader
bf58ef24dd79c02522163be7d8e523cecb2be8daf30e98fd6673d583cbc9e74b
BazaLoader
e31898f207733cf33a6f951d8337d6cd303334a9df95956686657e3f13436ae8
BazaLoader
e36d3891436038b678aae50859a8bca3c50989deea07b8776c3927e76ad57c1d
BazaLoader
f29dbde41d19fa55ca3cd077df6833441aca6df5f1cfccbca9ed9554214263da
BazaLoader
+ 48 additional samples on MalwareBazaar
Result
Malware family:
bazarloader
Create hunting rule
Score:
  10/10
Tags:
family:bazarloader dropper loader suricata
Link:
https://tria.ge/reports/211021-wm22qabebn/
Behaviour
Bazar/Team9 Loader payload
Bazar Loader
suricata: ET MALWARE BazaLoader Activity (GET)
Unpacked files
SH256 hash:
4a3dc99f99af4f2d8bd707a4163886df47cbdf6934856c416785010334412043
MD5 hash:
c18acf443a95d2f705fa3c8e0477622d
SHA1 hash:
f2077a96a8015f19fa21ca27b8203aa999aac2d5
Link:
https://www.unpac.me/results/3c4b71e8-312d-4347-b1e5-fff92d4717f2/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/4a3dc99f99af/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
BazarBackdoor
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4a3dc99f99af4f2d8bd707a4163886df47cbdf6934856c416785010334412043

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/199161/

Comments