MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6c2c4e5bb1275643184f07bd2bce3f51722e3b3e0557fbf0d83c0dc6461c4a5b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DBatLoader

Vendor detections: 12

Intelligence 12 IOCs YARA File information Comments

SHA256 hash:	6c2c4e5bb1275643184f07bd2bce3f51722e3b3e0557fbf0d83c0dc6461c4a5b
SHA3-384 hash:	dc1907a208d5cd529590186080d218252c6906ede39ffe70531f8b24e36dd21d59ded4beaadde3c22fb0538527766ce4
SHA1 hash:	1e482aa3b8e3512cd5cf3d4ac9b98dafdd0bfd94
MD5 hash:	754d83363f18a1d31b836698b48761bb
humanhash:	summer-iowa-ack-indigo
File name:	Document.exe
Download:	download sample
Signature	DBatLoader Create hunting rule
File size:	658'944 bytes
First seen:	2021-11-29 13:57:59 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	10e7df67f7eff778f9254a41e05c41c6 (2 x DBatLoader)
ssdeep	6144:wFghwoZYgqvZvtn5SvU4doaGuoJEa/Z5yCPbNhYmgnFSB8rOe3JVhK4vPNzrexrn:qghhZYJgqfwClgFxVJPK4NH2lMwI
Threatray	528 similar samples on MalwareBazaar
TLSH	T14DE46CF6E0D44676C0263A795D4F8EEF5428BE012C297547BBDA3D486F39B42BC2A407
File icon (PE):
dhash icon	74f0888a8c8980a4 (2 x DBatLoader)
Reporter	info_sec_ca
Tags:	DBatLoader exe

Intelligence

File Origin

# of uploads :

# of downloads :

126

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

Document.exe

Verdict:

Suspicious activity

Analysis date:

2021-11-29 14:13:30 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/4220cff6-403f-4850-a9da-b496e20f4a64

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

PUA.Win.Packer.BorlandDelphi-15

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Creating a window

DNS request

Sending a custom TCP request

Searching for synchronization primitives

Launching the default Windows debugger (dwwin.exe)

Searching for the window

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/133/overview

Behaviour

CheckCmdLine

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

dbatloader keylogger packed remcos

Link:

https://www.filescan.io/uploads/61a4dc6dbbfd2af97cba1161/reports/18bdba51-341e-43a7-93f7-f1dcb108285c/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/77be9a6c-760f-4a4f-8e74-97545c2f378b

Result

Threat name:

DBatLoader

Detection:

malicious

Classification:

troj

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/897908

Signature

Initial sample is a PE file and has a suspicious name

Multi AV Scanner detection for submitted file

Yara detected DBatLoader

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6c2c4e5bb1275643184f07bd2bce3f51722e3b3e0557fbf0d83c0dc6461c4a5b/

Threat name:

Win32.Backdoor.Remcos

Status:

Malicious

First seen:

2021-11-28 03:18:07 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

21 of 28 (75.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=nqwe4w5re5leggcpa66sxtr7kfzc4oz6avl7x4gyhqg4mrq4jjnq._file

Verdict:

malicious

DBatLoader

214dc633d8cda71fa724675e530ef5e8b554389ee07268d4bcc54d44c6b1cc81

DBatLoader

46e51f41840a1a08e695f8b5dbd03efd3b3f7071edc00d9e916a73a02d8176a1

DBatLoader

5627d54b0f87a8fa0e9a33d2cbce145140eb0e88e77f1076e7658310b742aa83

DBatLoader

57e117773ebe7caaac7d1db9759f5c8313d15db896f7b736459c65164770a5f5

DBatLoader

7c491171fbe25c5f47f560db3a857cfc716d0c4733466ac08660e8a8be9bc8cd

DBatLoader

8db032a108bfbc9b5d4d2be6f466add20a81685196253867b99e6456e02adadf

DBatLoader

91b5c318543587a212464565a4df06eae2ad2823338389134f06c4409047e18e

DBatLoader

bc42c1e528e70d0f4152e78278ed1a0e4bacf4cab8bb21da9ea8f99a48676355

DBatLoader

fc791a24b4250988196f8c8b174d778e0ed1f4ea2a3c8601b25ab4431df56f08

DBatLoader

+ 518 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/211129-q9tqzafbh3/

Behaviour

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Unpacked files

SH256 hash:

80862d46bdac152572d0faa96c99edb9bcb3d5d3ff5d1d41771f5cb8ad164a2c

MD5 hash:

7c09b28f7639c8b2a033e88db5d9df53

SHA1 hash:

fbcccc3c2d024228a3e1dab743b3912ed8ccbb3c

Detections:

win_temple_loader_w0

Link:

https://www.unpac.me/results/f3c9b0ab-2b85-4629-887c-f592ad51497e/

Parent samples :

e50290f9b9cf781a2d64f7e3190de28d2b673cd24099675d3b65a80ab70cf9e1
a00a856f0d85fcb7f485777ae81a0b1c52974bb1cd2482ba5e987a7ce8207511
7c491171fbe25c5f47f560db3a857cfc716d0c4733466ac08660e8a8be9bc8cd
5627d54b0f87a8fa0e9a33d2cbce145140eb0e88e77f1076e7658310b742aa83
46e51f41840a1a08e695f8b5dbd03efd3b3f7071edc00d9e916a73a02d8176a1
bc42c1e528e70d0f4152e78278ed1a0e4bacf4cab8bb21da9ea8f99a48676355
62d54d23908b06fb851da8829798a3d82110e0c189a8794f9d7deb9642f1542d
91b5c318543587a212464565a4df06eae2ad2823338389134f06c4409047e18e
57e117773ebe7caaac7d1db9759f5c8313d15db896f7b736459c65164770a5f5
6c2c4e5bb1275643184f07bd2bce3f51722e3b3e0557fbf0d83c0dc6461c4a5b
2d086daa30c03800b673011e6ee10d5ccdfa56842f67188ac348e30ed5cc803c

SH256 hash:

6c2c4e5bb1275643184f07bd2bce3f51722e3b3e0557fbf0d83c0dc6461c4a5b

MD5 hash:

754d83363f18a1d31b836698b48761bb

SHA1 hash:

1e482aa3b8e3512cd5cf3d4ac9b98dafdd0bfd94

Link:

https://www.unpac.me/results/f3c9b0ab-2b85-4629-887c-f592ad51497e/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/6c2c4e5bb1275643184f07bd2bce3f51722e3b3e0557fbf0d83c0dc6461c4a5b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample