MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 57e117773ebe7caaac7d1db9759f5c8313d15db896f7b736459c65164770a5f5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DBatLoader

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	57e117773ebe7caaac7d1db9759f5c8313d15db896f7b736459c65164770a5f5
SHA3-384 hash:	33c69646b39d24f15b16bfe5d4f54a19019e4b312f00c78988af9ec2ce22c7fdd2e2dfc420414c5f3b91d7022c4a1c84
SHA1 hash:	22887bb655cd356f9a5895a7c9fef98e73ae9129
MD5 hash:	a70bfb158bbc30c909584454a05888e1
humanhash:	magnesium-equal-sink-sodium
File name:	Vergi ödeme faturası - 27 Kasım 2021 Cumartesi,pdf.exe
Download:	download sample
Signature	DBatLoader Create hunting rule
File size:	658'944 bytes
First seen:	2021-11-27 08:16:37 UTC
Last seen:	2021-11-29 07:59:39 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	10e7df67f7eff778f9254a41e05c41c6 (2 x DBatLoader)
ssdeep	6144:wFghwoZYgqvZvtn5SvU4doaGuoJEa/Z5yCPbNhYmgnFSB8rOe3JVhK4vPNzrexrn:qghhZYJgqfwClgFxVJPK4NH2lMwI
Threatray	8'438 similar samples on MalwareBazaar
TLSH	T1F7E45B2386814131D47B7D7A8D1BF2AEA5333F065A787C0A2AE33E5B1B3EB2035551C6
File icon (PE):
dhash icon	74f0888a8c8980a4 (2 x DBatLoader)
Reporter	GovCERT_CH
Tags:	DBatLoader exe

Intelligence

File Origin

# of uploads :

# of downloads :

222

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

Vergi ödeme faturası - 27 Kasım 2021 Cumartesi,pdf.exe

Verdict:

Suspicious activity

Analysis date:

2021-11-27 08:20:40 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/3f8be7f6-7a49-49a7-92ff-5bbe388e69fa

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

PUA.Win.Packer.BorlandDelphi-15

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Creating a window

DNS request

Searching for synchronization primitives

Launching the default Windows debugger (dwwin.exe)

Searching for the window

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

keylogger packed

Link:

https://www.filescan.io/uploads/61a1e982f36138de3f411348/reports/f64c9f14-2630-46cc-8a7f-478b15414cfc/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/86811967-a229-4782-87d7-8785eff552dc

Result

Threat name:

DBatLoader

Detection:

malicious

Classification:

troj

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/897091

Signature

Multi AV Scanner detection for submitted file

Yara detected DBatLoader

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/57e117773ebe7caaac7d1db9759f5c8313d15db896f7b736459c65164770a5f5/

Threat name:

Win32.Backdoor.Remcos

Status:

Malicious

First seen:

2021-11-27 08:17:15 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

22 of 28 (78.57%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=k7qro5z6xz6kvld5dw4xlh24qmj5cxnys333onsftrsrmr3qux2q._file

Verdict:

malicious

Label(s):

remcos

DBatLoader

3f9fd47a1850bb51e06ce78cabb32d839b4d4f68daf028aa0465d7cb85099b1a

DBatLoader

41d511392fc1e9e37a96d7e0d1e2a947d3de3da299d1a0fab9f522b98e38b659

DBatLoader

502f18997fa73c5af97c3f8f3cd7a8a12d7d648642bd238b4eb15c0457e879a1

DBatLoader

75d58f5b4293ffc19d29586f96508fe473b3688503ab75a9fecf8b280af3b55a

DBatLoader

7c491171fbe25c5f47f560db3a857cfc716d0c4733466ac08660e8a8be9bc8cd

DBatLoader

8f1eefd14608fae865576d9f7a24be116eb9d8dcebf89c954e2e645b06174c4e

DBatLoader

cd43f136f1d3221cd64fc792a37744dfa9656a9ea5889e52929275c05eb4e33b

DBatLoader

ed78db064dfb4ae791498b2d08410a69bdad684ff709319d179c2383dd8e2f1c

DBatLoader

f26f9e3fccab0e855f132f00715cfdbaa9efbbc923fc702961d826987d7c15aa

DBatLoader

+ 8'428 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/211127-j6qftahehm/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Unpacked files

SH256 hash:

80862d46bdac152572d0faa96c99edb9bcb3d5d3ff5d1d41771f5cb8ad164a2c

MD5 hash:

7c09b28f7639c8b2a033e88db5d9df53

SHA1 hash:

fbcccc3c2d024228a3e1dab743b3912ed8ccbb3c

Detections:

win_temple_loader_w0

Link:

https://www.unpac.me/results/b61d998f-dcdd-4fc9-bd6d-0847a605dc29/

Parent samples :

e50290f9b9cf781a2d64f7e3190de28d2b673cd24099675d3b65a80ab70cf9e1
a00a856f0d85fcb7f485777ae81a0b1c52974bb1cd2482ba5e987a7ce8207511
7c491171fbe25c5f47f560db3a857cfc716d0c4733466ac08660e8a8be9bc8cd
5627d54b0f87a8fa0e9a33d2cbce145140eb0e88e77f1076e7658310b742aa83
46e51f41840a1a08e695f8b5dbd03efd3b3f7071edc00d9e916a73a02d8176a1
bc42c1e528e70d0f4152e78278ed1a0e4bacf4cab8bb21da9ea8f99a48676355
62d54d23908b06fb851da8829798a3d82110e0c189a8794f9d7deb9642f1542d
91b5c318543587a212464565a4df06eae2ad2823338389134f06c4409047e18e
57e117773ebe7caaac7d1db9759f5c8313d15db896f7b736459c65164770a5f5
6c2c4e5bb1275643184f07bd2bce3f51722e3b3e0557fbf0d83c0dc6461c4a5b
2d086daa30c03800b673011e6ee10d5ccdfa56842f67188ac348e30ed5cc803c

SH256 hash:

57e117773ebe7caaac7d1db9759f5c8313d15db896f7b736459c65164770a5f5

MD5 hash:

a70bfb158bbc30c909584454a05888e1

SHA1 hash:

22887bb655cd356f9a5895a7c9fef98e73ae9129

Link:

https://www.unpac.me/results/b61d998f-dcdd-4fc9-bd6d-0847a605dc29/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/57e117773ebe/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/57e117773ebe7caaac7d1db9759f5c8313d15db896f7b736459c65164770a5f5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

DBatLoader

exe 57e117773ebe7caaac7d1db9759f5c8313d15db896f7b736459c65164770a5f5

(this sample)

Delivery method

Distributed via e-mail attachment

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample