MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7ccd2066aa7194f5ae343eb6fa26ac0db06e3380af47974f86a20f0db98f1230. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BazaLoader


Vendor detections: 12


Intelligence 12 IOCs YARA 8 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7ccd2066aa7194f5ae343eb6fa26ac0db06e3380af47974f86a20f0db98f1230
SHA3-384 hash: 2ba7076eac1c7f8a6b2f70057af95d41f3a741fdb59acb1df99f7665ad0900e0e24c3f4d85145cf2362e407940d2e8d6
SHA1 hash: 1d6a1a36fc0f03d21721fc90c08fe5e46473eed3
MD5 hash: fddd22680670b6b905be34d17eddf96c
humanhash: fourteen-kansas-high-delta
File name:Document_Print.exe
Download: download sample
Signature BazaLoader
Create hunting rule
File size:106'184 bytes
First seen:2023-08-24 08:18:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e5ddb61c240d41d55fab2704a00c9d50 (1 x BazaLoader)
ssdeep 1536:ex1wprAY5A/xjRqGYaqV0FWw2QsEq5A5EikUmIXN8s84dTZJT90Ggc:ex1glAjVYF8yXEXEVpqNpTZt90Ggc
Threatray 23 similar samples on MalwareBazaar
TLSH T1F4A35A5772D036F9F176DA749AA18005D777B8B12630CF0F03A415963FA26A1BD2CFA2
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter dancho_danchev
Tags:BazaLoader conti exe Ransomware win.conti

Intelligence

File Origin
# of uploads :
1
# of downloads :
1'127
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Document_Print.exe
Verdict:
No threats detected
Analysis date:
2023-08-24 08:20:08 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/7e3be047-9b8a-4e0f-bf1b-d077d2c4cce5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/444420/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Banker1.36590.15594.19093.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/108447/overview
Behaviour
MalwareBazaar
CallSleep
Gathering data
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/7ccd2066aa7194f5ae343eb6fa26ac0db06e3380af47974f86a20f0db98f1230
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
TrickBot
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/789c4390-3c39-4bad-a1bc-d4fd00d05e4c
Result
Threat name:
Bazar Loader
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/1296456
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Initial sample is a PE file and has a suspicious name
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample has a suspicious name (potential lure to open the executable)
Yara detected Bazar Loader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7ccd2066aa7194f5ae343eb6fa26ac0db06e3380af47974f86a20f0db98f1230/
Threat name:
Win64.Trojan.Bazzarldr
Create hunting rule
Status:
Malicious
First seen:
2023-04-11 16:31:28 UTC
File Type:
PE+ (Exe)
AV detection:
25 of 38 (65.79%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ptgsazvkogkpllruh23pujvmbwyg4m4av5dzot4guihq3ompciya._file
Verdict:
malicious
Similar samples:
18fe9ceab0a17ddc71f7b7a206c1c127d62a0a86c62573b8c018ab562da1fd6e
BazaLoader
1ae793fb1d53cf5b1b393c348592220eec76d6def504dcb09f4686920d2e28d2
BazaLoader
34cc67888cd38da7aeb52508b48ad71287c402aecb72bccca7cbd3a0cd8fe985
BazaLoader
5a8c4049c0e4005dc517d1237e9e0263b6db3f247149e260f4e6004050c5254f
BazaLoader
6194e84abd60d7ce60ef014c0da2c55a8b648d22b589f6b29558bf537f968266
BazaLoader
8320e50369b6d17c6d939347fa762213b491ffed93aa5b54d7fc5e4ad8fbf4d4
BazaLoader
d02e5813fe95fcf33230af6616f2f277230b3f9f636420c9c0a979540922c6bb
BazaLoader
eccf6983eccd9b88e01ed8d2b17958dc57be3df9ea6216e7b8188a47080ff118
BazaLoader
f44ee4b3572fc6d8c777df55729e61866c5d365be55b2590fa9fcd5f477e888a
BazaLoader
fabbde554c34e111a975534b714cec911f558ca30f9a4057ebdc25314b3a270f
BazaLoader
+ 13 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/230824-j7vf6abb46/
Unpacked files
SH256 hash:
7ccd2066aa7194f5ae343eb6fa26ac0db06e3380af47974f86a20f0db98f1230
MD5 hash:
fddd22680670b6b905be34d17eddf96c
SHA1 hash:
1d6a1a36fc0f03d21721fc90c08fe5e46473eed3
Detections:
win_bazarbackdoor_auto
Create hunting rule
Link:
https://www.unpac.me/results/04678560-9a33-4617-922f-a8fc39ff167d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
BazarBackdoor
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7ccd2066aa7194f5ae343eb6fa26ac0db06e3380af47974f86a20f0db98f1230

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BazaSignature2
Create hunting rule
Rule name:CAS_Malware_Hunting
Create hunting rule
Author:Michael Reinprecht
Description:DEMO CAS YARA Rules for sample2.exe
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:malware_shellcode_hash
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect shellcode api hash value
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:PE_Potentially_Signed_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:SUSP_XORed_URL_in_EXE_RID2E46
Create hunting rule
Author:Florian Roth
Description:Detects an XORed URL in an executable
Reference:https://twitter.com/stvemillertime/status/1237035794973560834
Rule name:Windows_Trojan_Bazar_3a2cc53b
Create hunting rule
Author:Elastic Security

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

BazaLoader

Executable exe 7ccd2066aa7194f5ae343eb6fa26ac0db06e3380af47974f86a20f0db98f1230

(this sample)

  
Link
https://ddanchev.blogspot.com/2022/03/exposing-trickbot-malware-gang-osint.html
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/444420/

Comments