MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5a22e9bde5aaed03b323e5c933c473e9ba3831f4473790a3d4394baefe809d8a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



BazaLoader


Vendor detections: 3



SHA256 hash: 5a22e9bde5aaed03b323e5c933c473e9ba3831f4473790a3d4394baefe809d8a
SHA3-384 hash: ca9cf1daad225bc99c6cd2c1fc824441d825bc270c8ad21c2272a4b737f4d6c7c0be17201d705214126959b47f48f16a
SHA1 hash: 6b9ad0e4b30fa757ba70fae23f386e11134e23f4
MD5 hash: 5bf4ed5ce595439901e66903dc907287
humanhash: mississippi-speaker-alpha-idaho
File name: Stolen Images Evidence.js
Signature: BazaLoader
File size: 15'755 bytes
First seen: 2021-09-07 23:35:18 UTC
Last seen: Never
File type: Java Script (JS) js
MIME type: text/plain
ssdeep: 384:pS3UcmpDsopgV3/kp/EvwUAz0B6+9OJJ4F+pplPhdlD/12Lw4NHdG9tW:pS3FsiVPkp/EvwUAz0B6+9OJJ4FFLw4d
TLSH: T1D962AB8D7B90C10F77925BA7261BA8C1EB62394CE58644BDE38078D4B062579ECF2732
Reporter: malware_traffic
Tags: BazaLoader BazarLoader js

Intelligence


File Origin
# of uploads: 1
# of downloads: 229
Origin country: n/a

Vendor Threat Intelligence
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Blocklisted process makes network request
Malware Config
Dropper Extraction:
http://mabiorex.space/333g100/index.php
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
