MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7834cc8a3f3b2dd0d3ed6a22c134b347054a477e116b4a46751f21a463aee356. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DBatLoader


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7834cc8a3f3b2dd0d3ed6a22c134b347054a477e116b4a46751f21a463aee356
SHA3-384 hash: 2d21cc38a9172f38da25c545d71355c4bd06cbc50fe3202aa048fd8f88ac57c025f3c630f4a4df715d4e424159445a4b
SHA1 hash: 5a4e8efd03ca1e782b9697a5af397cff5ddfb200
MD5 hash: c3f27dea754c40ea2fa97596f8cd026d
humanhash: whiskey-lemon-ack-nebraska
File name:c3f27dea754c40ea2fa97596f8cd026d
Download: download sample
Signature DBatLoader
Create hunting rule
File size:859'648 bytes
First seen:2022-04-19 16:12:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e0804e63f849253255cc5a90c0147c49 (6 x DBatLoader, 1 x Formbook, 1 x ModiLoader)
ssdeep 12288:bZ8wag4BvCXr8j4CoOjPDQdT4ragoUG15U87uxHkHijCNsFKzaRHr:b2FN2ojFoOjcdTaTGTR8HExz
Threatray 1'042 similar samples on MalwareBazaar
TLSH T12705AF22B3919432E4731F748C5B97E86925BE102F38A94B7AF9DD0C5F391E13D29293
TrID 26.5% (.EXE) Win32 Executable Delphi generic (14182/79/4)
24.5% (.SCR) Windows screen saver (13101/52/3)
19.7% (.EXE) Win64 Executable (generic) (10523/12/4)
8.4% (.EXE) Win32 Executable (generic) (4505/5/1)
5.6% (.MZP) WinArchiver Mountable compressed Archive (3000/1)
File icon (PE):PE icon
dhash icon c8c982848998ac94 (10 x Formbook, 6 x DBatLoader, 4 x RemcosRAT)
Reporter zbetcheckin
Tags:32 DBatLoader exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
262
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/264661/
Detection(s):
SecuriteInfo.com.Scr.MalPbsgen1.14185.1356.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a window
DNS request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
control.exe greyware keylogger
Link:
https://www.filescan.io/uploads/625edf90482f2f41cad2fd97/reports/96d6dd92-7e71-4a0c-8c14-ccf7a5b1c30b/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/22ae1f55-668e-480c-b5bf-2e97523d8e9c
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/978992
Signature
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7834cc8a3f3b2dd0d3ed6a22c134b347054a477e116b4a46751f21a463aee356/
Threat name:
Win32.Spyware.AveMaria
Create hunting rule
Status:
Malicious
First seen:
2022-04-19 14:39:20 UTC
File Type:
PE (Exe)
Extracted files:
67
AV detection:
18 of 26 (69.23%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pa2mzcr7hmw5bu7nnirmcnfti4cuur36cfvuurtvd4q2iy5o4nla._file
Verdict:
malicious
Similar samples:
239419437726bda1c5401f36629aa95050346433232192947ca54890ebb8a39f
DBatLoader
25ea2bf5ae084d751e654229343f8390cf11c0d1930fda8009b3935a96317de2
DBatLoader
5b7e1bfddf5e3dc58ccf18cb463d53c3551258708cd903df9b13b79594de5ad1
DBatLoader
628639dd51281444d73d8c0c9dcb4d4b4ad288b4e522868f99e69a77ff6da59a
DBatLoader
6a388696745c133ba5ea711f6413c3c10c082df2d70ca70b2f015c5f83c53c75
DBatLoader
6d11c8f0c3968c0ad3c6d647a0d4f9d8cfec313caf002cb33217b3eee0403e4c
DBatLoader
+ 1'032 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/220419-tn3zashec8/
Behaviour
Modifies system certificate store
Program crash
Unpacked files
SH256 hash:
5c7abef80eec8823727033ff393ec0c554e024174078558c2816eac5aa5f05ba
MD5 hash:
75bb3ad3fd6a800d80f6d0df1eacc4cd
SHA1 hash:
97401d629c663e86c91d254047857d2d56245c69
Detections:
win_dbatloader_w0
Create hunting rule
Link:
https://www.unpac.me/results/b96006af-5bac-4dee-898a-de598a30f4d0/
Parent samples :
25ea2bf5ae084d751e654229343f8390cf11c0d1930fda8009b3935a96317de2
af499144c7f610fae2c18484fd390dbc9307cf056e69813a1f53f944593d412b
5c7e72a95bfda155875ac2e0b0a56588bb5ec05ca71d2e94c9f0ccfba523c373
7834cc8a3f3b2dd0d3ed6a22c134b347054a477e116b4a46751f21a463aee356
SH256 hash:
7834cc8a3f3b2dd0d3ed6a22c134b347054a477e116b4a46751f21a463aee356
MD5 hash:
c3f27dea754c40ea2fa97596f8cd026d
SHA1 hash:
5a4e8efd03ca1e782b9697a5af397cff5ddfb200
Link:
https://www.unpac.me/results/b96006af-5bac-4dee-898a-de598a30f4d0/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.44
Link:
https://yomi.yoroi.company/submissions/7834cc8a3f3b2dd0d3ed6a22c134b347054a477e116b4a46751f21a463aee356

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DBatLoader

Executable exe 7834cc8a3f3b2dd0d3ed6a22c134b347054a477e116b4a46751f21a463aee356

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2155096/
Cape
Cape
https://www.capesandbox.com/analysis/264661/

Comments


Avatar
zbet commented on 2022-04-19 16:12:35 UTC

url : hxxp://179.43.175.179/mmds/Ccnniidcvabdokxsqqdcgwjtksmdrxygdl.exe