MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7fbde30e24755e328101e5705cfd1673dc8653ec17fe23fbbccb21b2accc66bd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BazaLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7fbde30e24755e328101e5705cfd1673dc8653ec17fe23fbbccb21b2accc66bd
SHA3-384 hash: edfba1b38af0bd6e3c5093dc850231f52c697b3aef1e4463da805179cfb3dbb85d4e6433528cc452330d9a37ff495e55
SHA1 hash: cd17f87ecccd8f2e834e98d380a6447e15552467
MD5 hash: 7c8cb852b333986ff59da438533975ed
humanhash: batman-speaker-steak-hotel
File name:7fbde30e24755e328101e5705cfd1673dc8653ec17fe23fbbccb21b2accc66bd.dll
Download: download sample
Signature BazaLoader
Create hunting rule
File size:509'440 bytes
First seen:2021-10-19 23:26:26 UTC
Last seen:2021-10-20 00:26:41 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 68c5c3909f471102c15a102518020381 (1 x BazaLoader)
ssdeep 6144:cmli7eD8H0QDkZWj4LWYBiykgLrgCwr2dzohwTBbblr98sgocBKZ9tmGl246k:Lb8UQDkjk6rCIoqTd/gBm9tmT46k
Threatray 45 similar samples on MalwareBazaar
TLSH T1E2B49D99FBE458B9E467813C8C638541D7F278860770CBEB1364436A2F337E09A7A721
Reporter Anonymous
Tags:BazaLoader exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
207
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/198675/
Detection(s):
SecuriteInfo.com.Artemis7C8CB852B333.17308.28251.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/6174f663a9d585e6d53702e8/reports/d5f51dd9-f6f9-41c9-b610-0fe36fa68103/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/77244f78-a7f3-4e0e-b42d-1d001590f0af
Result
Threat name:
Bazar Loader
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/873758
Signature
Allocates memory in foreign processes
Detected Bazar Loader
Injects a PE file into a foreign processes
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7fbde30e24755e328101e5705cfd1673dc8653ec17fe23fbbccb21b2accc66bd/
Threat name:
Win64.Trojan.Bazarloader
Create hunting rule
Status:
Malicious
First seen:
2021-10-19 23:27:05 UTC
AV detection:
7 of 44 (15.91%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
081409dbf0464baad30442d3f8cea67c885e15e438b0f6dbf9c64da67620eaa1
BazaLoader
1298c6133f76de5491828ab2eac13325c21249a1329c971f6b60e7ed85827280
BazaLoader
37065b2a4cdaec2b1a260b39738746cb45895bd6d508e7aa5e4013e94abc6196
BazaLoader
a314401b8e12130bea249a3734022a8ebd46b8e65b18535db60944a00e84e6f6
BazaLoader
bf58ef24dd79c02522163be7d8e523cecb2be8daf30e98fd6673d583cbc9e74b
BazaLoader
e31898f207733cf33a6f951d8337d6cd303334a9df95956686657e3f13436ae8
BazaLoader
e36d3891436038b678aae50859a8bca3c50989deea07b8776c3927e76ad57c1d
BazaLoader
e9343b4e22db0f869c9af10a6e3ae35a1d84f9da8546d4973990f4828a3fd583
BazaLoader
+ 35 additional samples on MalwareBazaar
Result
Malware family:
bazarloader
Create hunting rule
Score:
  10/10
Tags:
family:bazarloader dropper loader suricata
Link:
https://tria.ge/reports/211019-3fefeahdbm/
Behaviour
Blocklisted process makes network request
Bazar/Team9 Loader payload
Bazar Loader
suricata: ET MALWARE BazaLoader Activity (GET)
Unpacked files
SH256 hash:
7fbde30e24755e328101e5705cfd1673dc8653ec17fe23fbbccb21b2accc66bd
MD5 hash:
7c8cb852b333986ff59da438533975ed
SHA1 hash:
cd17f87ecccd8f2e834e98d380a6447e15552467
Link:
https://www.unpac.me/results/b8dfe6fa-f78c-4edc-b82e-dcc5a573f664/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7fbde30e24755e328101e5705cfd1673dc8653ec17fe23fbbccb21b2accc66bd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/198675/

Comments


Avatar
Rony commented on 2021-10-20 06:50:58 UTC

BazarBackdoor Payload Extraction
https://www.capesandbox.com/analysis/198728