MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 52e72513fe2a38707aa63fbc52dabd7c7d2c5809ed7e27f384315375426f57bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



BazaLoader


Vendor detections: 3



SHA256 hash: 52e72513fe2a38707aa63fbc52dabd7c7d2c5809ed7e27f384315375426f57bf
SHA3-384 hash: 6b4143e36ffaaad6e8d5f4df634ffd3acbd2b06e115b5825d428e32b6d8aad3ef1a98fc4c113e09b005906fbb3887d10
SHA1 hash: cb294c79b5d48840382a06c4021bc2772fdbcf63
MD5 hash: e44cfd6ecc1ea0015c28a75964d19799
humanhash: carbon-black-five-green
File name: unpacked.bin
Signature: BazaLoader
File size: 98'816 bytes
First seen: 2020-12-15 20:26:01 UTC
Last seen: 2020-12-15 21:33:07 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f9ade0aa18f660a34a4fa23392e21838 (9 x DarkSide, 3 x BazaLoader, 2 x ShikataGaNai)
ssdeep: 1536:7X4kTvTOqjai7Z/ZP1FOsXO4dvhvMdAX0pJ0P11XJ2H1:7X4kL5f/OgO4dZvMdO0pWP11XM1
Threatray: 1 similar samples on MalwareBazaar
TLSH: 49A32A14A3D5A371F8858AB472EE97A0D1FB339E127D6F2742A0C6313114E61DF8B61E
Reporter: johannes
Tags: bazabackdoor BazaLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 197
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: unpacked.bin
Verdict: No threats detected
Analysis date: 2020-12-15 20:26:26 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Suspicious
Maliciousness:

Behaviour
Sending a UDP request
DNS request
Connection attempt to an infection source
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: clean
Classification: n/a
Score: 3 / 100
Behaviour
Behavior Graph: n/a
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Unpacked files
SHA256 hash: 52e72513fe2a38707aa63fbc52dabd7c7d2c5809ed7e27f384315375426f57bf
MD5 hash: e44cfd6ecc1ea0015c28a75964d19799
SHA1 hash: cb294c79b5d48840382a06c4021bc2772fdbcf63
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
