MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6903331c68ae731472d0096e25395c8057b28c44304eb9d2c8c9102cff5db0a1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



BazaLoader


Vendor detections: 3



SHA256 hash: 6903331c68ae731472d0096e25395c8057b28c44304eb9d2c8c9102cff5db0a1
SHA3-384 hash: 2308fcd562a248c808c36619fc2b60ff809785a6d20f6494bf46eeb3b4c3db09650c4fc7e72c75a80f7d07ed291b444a
SHA1 hash: 3df9e80f1822a9474a9cb272245482e279dd62ca
MD5 hash: fae1cf371d316ddd6918efda8b993f72
humanhash: two-angel-east-missouri
File name: fae1cf371d316ddd6918efda8b993f72.exe
Signature: BazaLoader
File size: 554'496 bytes
First seen: 2021-03-31 18:33:36 UTC
Last seen: 2021-04-01 02:48:11 UTC
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 12288:B5uiYusYXOYf5ip4hLFLTQAZVoblWXaLRT:B5OE/PUgwTZ
Threatray: 40 similar samples on MalwareBazaar
TLSH: 00C4AEC16CAD96F7DCBBD239A5844E3D2F3028D246C59ACF9508870591F33C2B6A67D8
Reporter: abuse_ch
Tags: BazaLoader exe

Intelligence


File Origin
# of uploads: 3
# of downloads: 105
Origin country: n/a

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: fae1cf371d316ddd6918efda8b993f72.exe
Verdict: No threats detected
Analysis date: 2021-04-01 05:06:28 UTC
Tags: n/a
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean
Maliciousness:
Behaviour
Transferring files using the Background Intelligent Transfer Service (BITS)
Sending a UDP request
DNS request
Sending a custom TCP request
Sending an HTTP GET request

Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win64.PUA.Wacapew
Status: Malicious
First seen: 2021-03-31 18:34:17 UTC
AV detection: 5 of 29 (17.24%)
Threat level: 1/5

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Modifies system certificate store
Looks up external IP address via web service
Tries to connect to .bazar domain

Unpacked files
SHA256 hash: 6903331c68ae731472d0096e25395c8057b28c44304eb9d2c8c9102cff5db0a1
MD5 hash: fae1cf371d316ddd6918efda8b993f72
SHA1 hash: 3df9e80f1822a9474a9cb272245482e279dd62ca

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download | BazaLoader | Executable exe 6903331c68ae731472d0096e25395c8057b28c44304eb9d2c8c9102cff5db0a1 (this sample)

Delivery method: Distributed via web download
