MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4e28ee862341cc547ed747d3b33502f28c7fc6f59a076519345e419807d733a8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DBatLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4e28ee862341cc547ed747d3b33502f28c7fc6f59a076519345e419807d733a8
SHA3-384 hash: e75aa2902679d121dd0a680a7deb41bf72d8de93f157d8f4ff59b7af056e991f505539af791b47b4001d28d3a0df9994
SHA1 hash: 4f0e473ad0a4041555cb2a261bc6da0788d1887e
MD5 hash: af30b124bc87c14dd6725b536f42296a
humanhash: white-football-carolina-wisconsin
File name:Potvrda narudzbe. RS0324452672.DOC.zip
Download: download sample
Signature DBatLoader
Create hunting rule
File size:530'823 bytes
First seen:2022-08-03 07:50:30 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:WEscLJRYjCdckUwscY+gh4dweNRo8o9ccaR3PFF0EQo32DhTHqeB6:MRCdc7cYFhgCefFxehT9B6
TLSH T1E6B423A4358B1E7ED02DC8ABFB77CB78838F24D9552A435C69192AD7197FCB12727010
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter cocaman
Tags:DBatLoader zip


Avatar
cocaman
Malicious email (T1566.001)
From: "Tanja Lazarevic <Tanja.Lazarevic@milsped.com>" (likely spoofed)
Received: "from vmi333880.contaboserver.net (wan.gr [207.180.198.241]) "
Date: "Tue, 02 Aug 2022 22:38:22 +0100"
Subject: "RE: [EXTERNAL] RE: Novi poredak"
Attachment: "Potvrda narudzbe. RS0324452672.DOC.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
232
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Win32.Stealer.12c.10827.31655.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
keylogger packed zusy
Link:
https://www.filescan.io/uploads/62ea28e86336465f2a094b8f/reports/1c2bde31-c44c-4586-adad-456722e27b8c/overview
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/4e28ee862341cc547ed747d3b33502f28c7fc6f59a076519345e419807d733a8
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4e28ee862341cc547ed747d3b33502f28c7fc6f59a076519345e419807d733a8/
Threat name:
Win32.Backdoor.NetWiredRc
Create hunting rule
Status:
Malicious
First seen:
2022-08-02 18:10:40 UTC
File Type:
Binary (Archive)
Extracted files:
44
AV detection:
23 of 26 (88.46%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jyuo5brdihgfi7wxi7j3gnic6kgh7rxvtidwkgjulzazqb6xgoua._file
Result
Malware family:
xloader
Create hunting rule
Score:
  10/10
Tags:
family:modiloader family:xloader campaign:euv4 loader rat trojan
Link:
https://tria.ge/reports/220803-jpt3nshgfq/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Checks computer location settings
ModiLoader Second Stage
Xloader payload
ModiLoader, DBatLoader
Xloader
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4e28ee862341cc547ed747d3b33502f28c7fc6f59a076519345e419807d733a8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

DBatLoader

zip 4e28ee862341cc547ed747d3b33502f28c7fc6f59a076519345e419807d733a8

(this sample)

DBatLoader

Executable exe 9a6b3814d1571fd30961206eb15d3affec6486b2ce1aa144d6f3a7854cecad60

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9a6b3814d1571fd30961206eb15d3affec6486b2ce1aa144d6f3a7854cecad60
  
Dropping
MD5 0ecdae9fca6925995ec4a3db95462410

Comments