MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a677ea634b0d6941db49601de73929992c92add11bb05d06d184cb39ae4e247. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BazaLoader
Vendor detections: 9

SHA256 hash: 7a677ea634b0d6941db49601de73929992c92add11bb05d06d184cb39ae4e247
SHA3-384 hash: 964e3b80ce01cd62c9918ceb5fddc872a0506fec247dffe476760182be410e6ce52901318fce70340fc94a674cbfa861
SHA1 hash: 1af6f294a0a0730a2eb58abc0bcddc86ff14cf9a
MD5 hash: cf1729f155c3320032c440d2d6aeb22f
humanhash: alaska-neptune-stairway-fruit
File name: reloadglobal.dll
Signature: BazaLoader
File size: 1'401'856 bytes
First seen: 2021-12-15 09:35:58 UTC
Last seen: Never
File type: Executable (exe); this is MalwareBazaar's category, the sample itself is a 64-bit PE DLL, as the file name and the vendor results below show
MIME type: application/x-dosexec
imphash: 4ca54a6ae85170224dd88abf6fab85e0 (1 x BazaLoader)
ssdeep: 24576:LGG0G2XUszmBckvyM14XKArMcaIPtJ1sJ8pva/jCgwigBaGwj0NAyP2bHGMtoGfA:Ln2XUnBDyMSXzMcaweGMAP
Threatray: 39 similar samples on MalwareBazaar
TLSH: T19E55AE5A32584DA9D9B7D07CC4834F4AEAB174018370D7DB07B15AAE2F277E21A7E720
Reporter: pr0xylife
Tags: BazaLoader BazarLoader exe
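To make use of the identifiers above, a practitioner typically verifies a downloaded copy against every hash the entry publishes and pulls the record programmatically. The following Python is an added example, not MalwareBazaar's client code: the four digests are copied from this entry, while the file path, the Auth-Key header and the constructed get_info reply used in the offline demonstration are assumptions.

```python
"""Check a local copy of this sample against the entry's hashes and fetch the entry via the
MalwareBazaar API.

Added example; not MalwareBazaar's client code. The four digests are copied from the entry
above. The file path, the Auth-Key requirement and the constructed API reply used in the
offline demonstration are assumptions.
"""
import hashlib
import json
import sys
import urllib.parse
import urllib.request

# Digests copied from the entry on this page.
ENTRY = {
    "sha256": "7a677ea634b0d6941db49601de73929992c92add11bb05d06d184cb39ae4e247",
    "sha1": "1af6f294a0a0730a2eb58abc0bcddc86ff14cf9a",
    "md5": "cf1729f155c3320032c440d2d6aeb22f",
    "sha3_384": "964e3b80ce01cd62c9918ceb5fddc872a0506fec247dffe476760182be410e6ce52901318fce70340fc94a674cbfa861",
}
MB_API = "https://mb-api.abuse.ch/api/v1/"


def digests(data: bytes) -> dict:
    """Compute the same four digests the entry lists, in one pass over the bytes."""
    hashers = {name: hashlib.new(name) for name in ENTRY}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def mismatches(data: bytes, expected: dict) -> list:
    """Names of the listed digests that do not match `data`, sorted.

    One hash identifies the file; comparing every hash the entry publishes also catches a
    copy that was truncated, re-zipped or transcribed with a typo before it reached you.
    """
    got = digests(data)
    return sorted(name for name, value in expected.items()
                  if got.get(name) != value.lower())


def parse_get_info(body: str) -> dict:
    """Reduce a get_info reply to the fields a triage note needs.

    Field names follow the documented MalwareBazaar JSON (query_status, data[],
    sha256_hash, signature, tags, first_seen, vendor_intel); anything else is an assumption.
    """
    doc = json.loads(body)
    if doc.get("query_status") != "ok":
        raise ValueError(f"MalwareBazaar query failed: {doc.get('query_status')}")
    rec = doc["data"][0]
    return {
        "sha256": rec["sha256_hash"],
        "file_name": rec.get("file_name"),
        "signature": rec.get("signature"),
        "tags": rec.get("tags") or [],
        "first_seen": rec.get("first_seen"),
        "vendors": sorted(rec.get("vendor_intel") or {}),
    }


def get_info(sha256: str, auth_key: str = None) -> dict:
    """Live lookup (network I/O; not exercised offline). abuse.ch issues per-user Auth-Keys
    for its APIs, so pass yours in `auth_key` (assumption about current API policy)."""
    body = urllib.parse.urlencode({"query": "get_info", "hash": sha256}).encode()
    req = urllib.request.Request(MB_API, data=body, method="POST")
    if auth_key:
        req.add_header("Auth-Key", auth_key)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return parse_get_info(resp.read().decode())


# CONSTRUCTED get_info reply shaped like the real one and populated from this entry;
# not a capture from the API.
SAMPLE_REPLY = json.dumps({
    "query_status": "ok",
    "data": [{
        "sha256_hash": ENTRY["sha256"],
        "sha1_hash": ENTRY["sha1"],
        "md5_hash": ENTRY["md5"],
        "file_name": "reloadglobal.dll",
        "file_type": "exe",
        "signature": "BazaLoader",
        "tags": ["BazaLoader", "BazarLoader", "exe"],
        "first_seen": "2021-12-15 09:35:58",
        "vendor_intel": {"ANY.RUN": [{"verdict": "Clean"}]},
    }],
})


if __name__ == "__main__":
    # Usage: python check_sample.py <path-to-sample>   (the path is an assumption)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            bad = mismatches(f.read(), ENTRY)
        print("hashes match the entry" if not bad else f"MISMATCH on: {bad}")
    print(parse_get_info(SAMPLE_REPLY))
```

Samples fetched through the API arrive inside a password-protected ZIP, so run the hash check on the extracted DLL, not on the archive; a mismatch on only one of the four digests is almost always a transcription error rather than a different file.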

Intelligence

File Origin
# of uploads: 1
# of downloads: 200
Origin country: n/a

Vendor Threat Intelligence

ID: 1
Malware family: n/a
File name: reloadglobal.dll
Verdict: No threats detected
Analysis date: 2021-12-15 10:29:06 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:
Behaviour
DNS request
Sending a custom TCP request
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
MalwareBazaar
CheckCmdLine
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware
Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 60 / 100
Signature
Creates an autostart registry key pointing to binary in C:\Windows
Sigma detected: Suspicious Call by Ordinal
Sigma detected: UNC2452 Process Creation Patterns
Uses cmd line tools excessively to alter registry or file data
Behaviour
Behavior Graph (ID 540197; sample reloadglobal.dll; start date 15/12/2021; architecture WINDOWS; score 60), rendered as an image on the original page and flattened here to the process tree it drew, with each signature placed under the process it fired on:

sample (node 2)
  Sigma detected: UNC2452 Process Creation Patterns
  Sigma detected: Suspicious Call by Ordinal
  +- loaddll64.exe (10)
  |  +- rundll32.exe (16)
  |  |  Uses cmd line tools excessively to alter registry or file data
  |  |  +- cmd.exe (29)
  |  |     +- rundll32.exe (41)
  |  |     |  +- cmd.exe (47)
  |  |     |  |  Uses cmd line tools excessively to alter registry or file data
  |  |     |  |  +- reg.exe (52)
  |  |     |  |  |  Creates an autostart registry key pointing to binary in C:\Windows
  |  |     |  |  +- conhost.exe (55)
  |  |     |  +- cmd.exe (50)
  |  |     |     +- rundll32.exe (57)
  |  |     |     +- conhost.exe (59)
  |  |     |     +- choice.exe (61)
  |  |     +- conhost.exe (43)
  |  |     +- choice.exe (45)
  |  +- cmd.exe (19)
  |  |  +- rundll32.exe (31)
  |  +- rundll32.exe (21)
  |  |  +- conhost.exe (33)
  |  |  +- reg.exe (35)
  |  +- 6 other processes (27)
  +- rundll32.exe (12)
  |  +- cmd.exe (23)
  |  |  +- conhost.exe (37)
  |  |  +- reg.exe (39)
  |  +- cmd.exe (25)
  +- rundll32.exe (14)
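The highest-scoring report above observed rundll32.exe invoked by ordinal, followed by cmd.exe and reg.exe writing an autostart key that points into C:\Windows, with the write sitting two or three hops below the rundll32 process rather than directly under it. As an added example, not any vendor's detection logic, the Python below reconstructs that ancestry from Sysmon-style process-creation events and flags the reg.exe write. The events, PIDs, paths and command lines are constructed to exercise those signatures; the page records only the process names.

```python
"""Flag the rundll32 -> cmd -> reg.exe chain that writes a Run key, as seen in the tree above.

Added example; not any vendor's detection logic. The events are CONSTRUCTED Sysmon-style
process-creation records: the page gives only process names, so every command line, PID and
path below is an assumption chosen to exercise the signatures "Suspicious Call by Ordinal",
"Uses cmd line tools ... to alter registry" and "Creates an autostart registry key pointing
to binary in C:\\Windows".
"""
import re

# (pid, ppid, image, command_line). Constructed, not recovered from the sample.
EVENTS = [
    (100, 1,   r"C:\Windows\System32\loaddll64.exe",
     r'loaddll64.exe "C:\Users\user\Desktop\reloadglobal.dll"'),
    (200, 100, r"C:\Windows\System32\rundll32.exe",
     r'rundll32.exe "C:\Users\user\Desktop\reloadglobal.dll",#1'),
    (300, 200, r"C:\Windows\System32\cmd.exe",
     r'cmd.exe /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run '
     r'/v reloadglobal /t REG_SZ /d "rundll32.exe C:\Windows\reloadglobal.dll,#1" /f'),
    (400, 300, r"C:\Windows\System32\reg.exe",
     r'reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run '
     r'/v reloadglobal /t REG_SZ /d "rundll32.exe C:\Windows\reloadglobal.dll,#1" /f'),
    (500, 300, r"C:\Windows\System32\conhost.exe", "conhost.exe 0xffffffff -ForceV1"),
    # Benign noise: an operator reading the same key from an interactive shell.
    (600, 50,  r"C:\Windows\System32\cmd.exe",
     r"cmd.exe /c reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
    (700, 600, r"C:\Windows\System32\reg.exe",
     r"reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
]

RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\b", re.I)       # HKCU/HKLM autostart keys
ORDINAL = re.compile(r",\s*#\d+")                                    # rundll32 foo.dll,#1
REG_ADD = re.compile(r"\badd\b", re.I)                               # crude; parse argv in production
DATA_IN_WINDOWS = re.compile(r'/d\s+"?[^"]*?c:\\windows\\', re.I)   # /d value under C:\Windows


def basename(image):
    """Lower-cased file name of an image path, tolerating either slash style."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def ancestry(by_pid, pid):
    """Process chain from the oldest known ancestor down to `pid`, as image basenames."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        _, ppid, image, _ = by_pid[pid]
        chain.append(basename(image))
        pid = ppid
    return list(reversed(chain))


def rundll32_ordinal_ancestor(by_pid, pid):
    """True if `pid` or any ancestor is rundll32.exe invoked with an ordinal export (",#N")."""
    seen = set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        _, ppid, image, cmd = by_pid[pid]
        if basename(image) == "rundll32.exe" and ORDINAL.search(cmd):
            return True
        pid = ppid
    return False


def find_run_key_persistence(events):
    """One finding per reg.exe that writes an autostart key, with its full process chain.

    Walking the ancestry matters: in the tree above the write happens under
    cmd.exe -> rundll32.exe -> cmd.exe -> reg.exe, so a parent-only rule would miss it.
    """
    by_pid = {e[0]: e for e in events}
    findings = []
    for pid, _ppid, image, cmd in events:
        if basename(image) != "reg.exe" or not (REG_ADD.search(cmd) and RUN_KEY.search(cmd)):
            continue
        findings.append({
            "pid": pid,
            "chain": " -> ".join(ancestry(by_pid, pid)),
            "via_rundll32_ordinal": rundll32_ordinal_ancestor(by_pid, pid),
            "points_into_windows": bool(DATA_IN_WINDOWS.search(cmd)),
            "cmdline": cmd,
        })
    return findings


if __name__ == "__main__":
    for f in find_run_key_persistence(EVENTS):
        print(f"[pid {f['pid']}] {f['chain']}")
        print(f"  ordinal rundll32 ancestor: {f['via_rundll32_ordinal']}")
        print(f"  payload under C:\\Windows: {f['points_into_windows']}")
        print(f"  {f['cmdline']}")
```

The `reg query` pair is included so the rule is seen to ignore reads of the same key; only the `reg add` under the ordinal-invoked rundll32 is returned. In a real pipeline the tuples would come from Sysmon Event ID 1 or EDR telemetry, and the ancestry walk should be bounded by time as well as by PID reuse.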
Threat name: Win64.Trojan.Tiggre
Status: Malicious
First seen: 2021-12-15 09:36:13 UTC
File Type: PE+ (Dll)
Extracted files: 1
AV detection: 23 of 28 (82.14%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Runs ping.exe
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: 7a677ea634b0d6941db49601de73929992c92add11bb05d06d184cb39ae4e247
MD5 hash: cf1729f155c3320032c440d2d6aeb22f
SHA1 hash: 1af6f294a0a0730a2eb58abc0bcddc86ff14cf9a
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments