MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 70c2422033dd395c0a6c15b5e6dbdde34aa65b7481d4b8298e70e0c3e72a2182. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BazaLoader

Vendor detections: 7



SHA256 hash: 70c2422033dd395c0a6c15b5e6dbdde34aa65b7481d4b8298e70e0c3e72a2182
SHA3-384 hash: 428efb494cc13a7b06462e08802a46d5370e35f58aafcc82df836ce992c982d1a9bae0219b30f8c5fffd7463ecd4e69c
SHA1 hash: 60ae64cd005f862797279fb151c9a0433b8e654c
MD5 hash: 12e60d21fd9c8675368635ea5246e393
humanhash: hawaii-sierra-april-princess
File name: JVrLyRD.dat
Signature: BazaLoader
File size: 248'332 bytes
First seen: 2021-08-04 16:57:34 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 3072:lT/aaUF7JjCqyWFDUX9Yk2YMsLICMB61BDWY4t4OIvWcg/9/:INeEDtk2gLpj1IY4t4OIc
Threatray: 3 similar samples on MalwareBazaar
TLSH: T13F347E3B98E80050EACA99FCEE196FFB786DD9937E14B426363D64C3D7716E98040913
Reporter: malware_traffic
Tags: BazaLoader BazarLoader dll Stolen_Images_Evidence


malware_traffic
Run method: rundll32.exe [filename],StartW

Intelligence

File Origin
# of uploads: 1
# of downloads: 202
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: JVrLyRD.dat
Verdict: Malicious activity
Analysis date: 2021-08-04 16:54:45 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Malware
Maliciousness:
Behaviour
Connection attempt
Sending a custom TCP request
Launching a process
Sending a UDP request
Unauthorized injection to a recently created process
Unauthorized injection to a recently created process by context flags manipulation
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature
Multi AV Scanner detection for submitted file
Behaviour
Threat name: Win64.Trojan.Kryplod
Status: Malicious
First seen: 2021-08-04 16:58:05 UTC
AV detection: 8 of 46 (17.39%)
Threat level: 5/5
Result
Malware family: bazarbackdoor
Score: 10/10
Tags: family:bazarbackdoor backdoor
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Bazar/Team9 Backdoor payload
BazarBackdoor
Unpacked files
SHA256 hash: 70c2422033dd395c0a6c15b5e6dbdde34aa65b7481d4b8298e70e0c3e72a2182
MD5 hash: 12e60d21fd9c8675368635ea5246e393
SHA1 hash: 60ae64cd005f862797279fb151c9a0433b8e654c
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments