MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a51872b8369ac8cc85e0f1a76e8706cf91de1a4b50758c939cdfd63605ed254. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BazaLoader

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	7a51872b8369ac8cc85e0f1a76e8706cf91de1a4b50758c939cdfd63605ed254
SHA3-384 hash:	0411623db6322999f79a9e92ff27f162a6d420aa8b4ad96a31632e2b1db72939ce19b1c63899e34216199a3cd27aed0b
SHA1 hash:	f7a8658bc159191875e8c436735f3852dd1ebdcb
MD5 hash:	d7cbeb5af00adb5d319db6fbeb0e35b1
humanhash:	fourteen-alabama-mango-spring
File name:	ClassicStartMenu.exe
Download:	download sample
Signature	BazaLoader Create hunting rule
File size:	230'818 bytes
First seen:	2021-01-18 11:06:00 UTC
Last seen:	2021-01-18 13:08:17 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	6b7914550a3dc87f6cb7e4f50d3255e5 (1 x BazaLoader)
ssdeep	6144:4H48C3h3BCLc+n8T0DevYdF0BY0mpirbd9b:648QhUg+nrDevoBpirbd9b
Threatray	3 similar samples on MalwareBazaar
TLSH	F134251471048CF4F9356B72D69FE7707412E99E867C1A133D0B6D29277DA880ABFCA2
Reporter	Rony
Tags:	BazaLoader exe

Intelligence

File Origin

# of uploads :

2

# of downloads :

175

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

request_form_1610732879.xls

Verdict:

Malicious activity

Analysis date:

2021-01-15 18:07:42 UTC

Tags:

macros macros40

Link:

https://app.any.run/tasks/2f58699f-8c9e-4248-82fd-483bc663bf07

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

BazaLoader

Link:

https://www.capesandbox.com/analysis/114528/

Detection(s):

SecuriteInfo.com.Generic.mg.d7cbeb5af00adb5d.13878.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7a51872b8369ac8cc85e0f1a76e8706cf91de1a4b50758c939cdfd63605ed254/

Threat name:

Win64.Trojan.Mansabo

Status:

Malicious

First seen:

2021-01-18 11:06:05 UTC

AV detection:

9 of 28 (32.14%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=pjiyok4dngwizsc6b4nhn2dqnt4r3ynewudvrsjzzx6wgyc62jka._file

Verdict:

unknown

Similar samples:

0dfcf4d5f66310de87c2e422d7804e66279fe3e3cd6a27723225aecf214e9b00

476bb9c473787445f22e5a80de8a48d0bb273817f0d25bec1c491f6fde8b1770

7697108c8e032dc97dbcda51ba54a82d85973137faacd19fb306c0217d50cfa2

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210118-xl2k5vhnjs/

Unpacked files

SH256 hash:

7a51872b8369ac8cc85e0f1a76e8706cf91de1a4b50758c939cdfd63605ed254

MD5 hash:

d7cbeb5af00adb5d319db6fbeb0e35b1

SHA1 hash:

f7a8658bc159191875e8c436735f3852dd1ebdcb

Link:

https://www.unpac.me/results/cb429632-6bfb-4c03-ad66-743e098c8ef7/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.22

Link:

https://yomi.yoroi.company/submissions/7a51872b8369ac8cc85e0f1a76e8706cf91de1a4b50758c939cdfd63605ed254

File information

The table below shows additional information about this malware sample such as delivery method and external references.

xls 450b65a3bb7a28c469dc30984f606c28c6f212095c9dd90bb49b2d008e9684ab

exe 7a51872b8369ac8cc85e0f1a76e8706cf91de1a4b50758c939cdfd63605ed254

(this sample)

Dropped by

SHA256 450b65a3bb7a28c469dc30984f606c28c6f212095c9dd90bb49b2d008e9684ab

Cape

Cape

https://www.capesandbox.com/analysis/114528/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample