MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 57d2a764c13c9101554abafe335a5e861b1231d8138db05e82bfd4b95216a0cb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



BazaLoader


Vendor detections: 6

SHA256 hash: 57d2a764c13c9101554abafe335a5e861b1231d8138db05e82bfd4b95216a0cb
SHA3-384 hash: ec60d05cd60a94b6d13687f2b1fe22af07e8a96ca8ff72cfd9f38986db046020a07e14fef19326fe8a0188b7b2a0b3b4
SHA1 hash: 20cdc6ded1ed1188185d878d909214b4b64deedc
MD5 hash: b74246b70ded94c9ca6159612e3b80f8
humanhash: comet-vegan-mockingbird-magazine
File name: jib5
Signature: BazaLoader
File size: 462'471 bytes
First seen: 2021-09-23 15:05:50 UTC
Last seen: 2021-09-23 16:10:55 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 6adc355f9e29dd8e213228d49ef56128 (2 x BazaLoader)
ssdeep: 6144:Wxd0pFLXGPKoQjVyhTmTi7yW26ixFgutUPjhu1yBika2u8ol7LHwNobSkQ+o4uEb:Gdg1WPwjVeCW2TbtDyDa2Wjwvcg8sG
TLSH: T1FBA46A4AB3A54DB6E872913989538E59EBB2BC214770C38F52A0775F1F337E0A939311
dhash icon: 71b119dcce576333 (3'570 x Heodo, 203 x TrickBot, 19 x Gh0stRAT)
Reporter: Anonymous
Tags: BazaLoader exe Geofenced ITA TA551

Intelligence


File Origin
# of uploads: 2
# of downloads: 168
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: jib5
Verdict: No threats detected
Analysis date: 2021-09-23 15:09:41 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Malware family: BazarBackdoor
Verdict: Malicious
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
Sigma detected: CobaltStrike Load by Rundll32
Sigma detected: Regsvr32 Command Line Without DLL
Behaviour
Behavior Graph (text recovered from the graph image):
Behavior Graph ID: 489085; Sample: jib5; Start date: 23/09/2021; Architecture: WINDOWS; Score: 52
Signatures: Sigma detected: CobaltStrike Load by Rundll32; Sigma detected: Regsvr32 Command Line Without DLL
Process tree: loaddll64.exe started iexplore.exe, rundll32.exe, cmd.exe and 9 other processes; iexplore.exe started a second iexplore.exe; cmd.exe started rundll32.exe; WerFault.exe (Windows Error Reporting) was started by rundll32.exe and by several of the other child processes
Network: dart.l.doubleclick.net 142.250.180.230, 443, 49813, 49814 (GOOGLEUS, United States); tls13.taboola.map.fastly.net 151.101.1.44, 443, 49827, 49828 (FASTLYUS, United States); 12 other IPs or domains; 192.168.2.1 (unknown)
Threat name: Win64.Trojan.BazarLoader
Status: Malicious
First seen: 2021-09-23 15:06:08 UTC
AV detection: 10 of 28 (35.71%)
Threat level: 5/5
Verdict: malicious
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SHA256 hash: 57d2a764c13c9101554abafe335a5e861b1231d8138db05e82bfd4b95216a0cb
MD5 hash: b74246b70ded94c9ca6159612e3b80f8
SHA1 hash: 20cdc6ded1ed1188185d878d909214b4b64deedc
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments