MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7002a5ffef641a11f8e79543076c19351a5cf490b265dbb691c68f3ac5960d6a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown
Vendor detections: 6

SHA256 hash: 7002a5ffef641a11f8e79543076c19351a5cf490b265dbb691c68f3ac5960d6a
SHA3-384 hash: 4b3fdfce8e7c99920d325e63a15f8307207b9ed7331b469c7b21c4d6c861f45ee053e99e8630bb9baf2420e84d292ea3
SHA1 hash: 3f3d2481c40ee6a93156ffa7be0fd7c5aa979366
MD5 hash: 75af5c4689915cf93dc1b17400a48386
humanhash: oscar-missouri-neptune-summer
File name: SonarLoader.bat
File size: 1,385,242 bytes
First seen: 2023-05-23 15:38:20 UTC
Last seen: 2023-05-23 15:38:21 UTC
File type: Batch (bat)
MIME type: text/plain
ssdeep: 384:4IgBrJ9ek8JL4X4QMZ9YVou3B4bX/2U0JX0cn/dqDMBNXvXsWaAs14f0GRxAx7Ya:U9NZPOa9UbnPXlRPt3Q8YQZ
TLSH: T1F75536298192CF7A6AC0809581DE6C0D1361FB7F1B5884EBFD1E62E96B35F1B11493CD
TrID: 66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1)
      33.3% (.MP3) MP3 audio (1000/1)
Reporter: YAMalwareGuy
Tags: bat, batch, SonarLoader

Intelligence

File Origin
# of uploads: 2
# of downloads: 175
Origin country: FR

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: https://cdn.discordapp.com/attachments/1108008365273120838/1109806057036984381/SonarLoader.bat
Verdict: Malicious activity
Analysis date: 2023-05-21 11:35:14 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: UNKNOWN

Result
Threat name:
Detection: malicious
Classification: troj.evad
Score: 56 / 100
Signature
Bypasses PowerShell execution policy
Obfuscated command line found
Yara detected EICAR
Behaviour
Behavior Graph (ID 874064, sample SonarLoader.bat, start date 23/05/2023, architecture WINDOWS, score 56):
  Yara detected EICAR (on the sample)
  cmd.exe (started)
    Obfuscated command line found
    Bypasses PowerShell execution policy
    net.exe (started)
      net1.exe (started)
    net.exe (started)
      net1.exe (started)
    powershell.exe (started)
    7 other processes
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Delays execution with timeout.exe
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.
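The signature and behaviour labels above (execution policy bypass, obfuscated command line, net.exe use, timeout.exe delays) are sandbox heuristics over process command lines. The script below is an added example and is not MalwareBazaar's or any sandbox vendor's code: it shows one way such heuristics can be written and run over process-creation log lines. The log lines are constructed for illustration and are not taken from this sample; the regexes and thresholds are assumptions made for the example, not the vendors' actual rules.

```python
import base64
import re

# Sandbox-style signatures as regexes over the full command line. Windows command
# lines are case-insensitive, so the patterns are too. These are assumed heuristics
# written for this example, not any vendor's actual rules.
SIGNATURES = {
    "Bypasses PowerShell execution policy": re.compile(
        # powershell.exe accepts any prefix of -ExecutionPolicy and the alias -ep
        r"powershell(?:\.exe)?\b.*?[-/](?:ep|ex[a-z]*)\s+(?:bypass|unrestricted)\b", re.I),
    "Runs net.exe": re.compile(
        r"\bnet1?(?:\.exe)?\s+(?:user|localgroup|group|share|use|view|start|stop)\b", re.I),
    "Delays execution with timeout.exe": re.compile(
        r"\btimeout(?:\.exe)?\s+(?:/t\s+)?\d+", re.I),
}

CARET_THRESHOLD = 4  # cmd.exe escape carets; several in one line is classic padding
SUBSTRING_EXPANSION = re.compile(r"%[^%\s]+:~-?\d+")  # %var:~n,m% slicing used to rebuild strings
ENCODED_COMMAND = re.compile(r"[-/]e(?:c|nc(?:odedcommand)?)?\s+[A-Za-z0-9+/=]{16,}", re.I)


def is_obfuscated(cmd):
    """Crude obfuscation heuristic: caret padding, %var:~n,m% slicing or -EncodedCommand."""
    return (cmd.count("^") >= CARET_THRESHOLD
            or SUBSTRING_EXPANSION.search(cmd) is not None
            or ENCODED_COMMAND.search(cmd) is not None)


def classify(cmd):
    """Return the list of signature names that fire on one command line."""
    hits = [name for name, rx in SIGNATURES.items() if rx.search(cmd)]
    if is_obfuscated(cmd):
        hits.append("Obfuscated command line found")
    return hits


def scan(lines):
    """Map line index -> fired signatures, omitting lines on which nothing fired."""
    result = {}
    for i, line in enumerate(lines):
        hits = classify(line)
        if hits:
            result[i] = hits
    return result


# Constructed process-creation command lines (not from this sample).
ENCODED = base64.b64encode("Start-Sleep 5".encode("utf-16-le")).decode()
SAMPLE_LOG = [
    'cmd.exe /c timeout /t 15 /nobreak',
    'powershell.exe -NoP -ep Bypass -w hidden -c "Get-Process"',
    'net.exe user Guest /active:yes',
    # the literal word "powershell" never appears here, so only the obfuscation heuristic fires
    'cmd.exe /c s^e^t p=po^wer^shell & call %p% -ex Unrestricted -c "whoami"',
    'powershell.exe -nop -enc ' + ENCODED,
    'C:\\Windows\\System32\\svchost.exe -k netsvcs -p',
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_LOG).items():
        print(f"[{idx}] {SAMPLE_LOG[idx]}\n     -> {', '.join(hits)}")
```

The caret-padded line is the reason a separate obfuscation heuristic is worth keeping: the literal "powershell" match fails on it, and only the caret count catches it.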

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: malw_eicar
Author: Marc Rivero | McAfee ATR Team
Description: Rule to detect the EICAR pattern
Reference: https://www.eicar.org/

Rule name: Multi_EICAR_ac8f42d6
Author: Elastic Security
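Two EICAR rules matched this sample, and TrID classifies the file as UTF-16 LE text. Before opening a downloaded copy, a practitioner will want to confirm its digests against the ones published on this page and check for the EICAR marker in both byte encodings, since an ASCII-only search misses a UTF-16 copy. The script below is an added example, not MalwareBazaar's code: the digests are copied from this entry, the file it scans by default is constructed inline and is not this sample, and the EICAR string is assembled at runtime so the example file itself does not carry the contiguous pattern scanners key on.

```python
import hashlib

# Digests published on the MalwareBazaar entry above, copied from the page.
PUBLISHED = {
    "md5": "75af5c4689915cf93dc1b17400a48386",
    "sha1": "3f3d2481c40ee6a93156ffa7be0fd7c5aa979366",
    "sha256": "7002a5ffef641a11f8e79543076c19351a5cf490b265dbb691c68f3ac5960d6a",
    "sha3_384": "4b3fdfce8e7c99920d325e63a15f8307207b9ed7331b469c7b21c4d6c861f45ee053e99e8630bb9baf2420e84d292ea3",
}

# The EICAR test string, joined at runtime so this source file does not itself
# contain the contiguous 68-byte pattern antivirus engines key on.
EICAR = b"".join((rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$",
                  rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"))

# The marker as it appears in ASCII text and in UTF-16 LE text (what TrID reports
# for this sample); the UTF-16 form has a NUL after every character.
EICAR_ENCODINGS = {
    "ascii": EICAR,
    "utf-16-le": EICAR.decode("ascii").encode("utf-16-le"),
}


def digests(data):
    """Return the four digest types MalwareBazaar publishes, hex-encoded."""
    return {name: hashlib.new(name, data).hexdigest() for name in PUBLISHED}


def matches_published(data):
    """True only if every published digest agrees with the bytes in hand."""
    return digests(data) == PUBLISHED


def find_eicar(data):
    """Names of the encodings in which the EICAR marker occurs in data."""
    return [name for name, needle in EICAR_ENCODINGS.items() if needle in data]


def triage(data):
    """The summary a reviewer wants before opening the file."""
    return {
        "size": len(data),
        "matches_published": matches_published(data),
        "eicar": find_eicar(data),
    }


# Constructed stand-in for a UTF-16 LE batch file carrying the marker in a rem line
# (assumed content for the example, not this sample's contents).
CONSTRUCTED_BAT = ("@echo off\r\nrem " + EICAR.decode("ascii") + "\r\necho done\r\n").encode("utf-16-le")

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else CONSTRUCTED_BAT
    print(triage(data))
```

Run it with the path of a downloaded sample as the only argument; with no argument it triages the constructed stand-in, which reports the marker in UTF-16 LE only and, as expected, does not match the published digests.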

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Batch (bat) 7002a5ffef641a11f8e79543076c19351a5cf490b265dbb691c68f3ac5960d6a (this sample)

Delivery method
Distributed via web download

Comments