MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 879e1d5a103b042c620b2c216a6ac707fdafb7e52c54f4a317107b4130158320. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BazaLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 879e1d5a103b042c620b2c216a6ac707fdafb7e52c54f4a317107b4130158320
SHA3-384 hash: a0d2020d014e92e40499f0526307e9f424c7bb655f05dfa7eb3cc46af1d312b4827c35778f22ebb61203e56db6d61d3c
SHA1 hash: b5ac6ae845860b32b904f637a63a203e4fc330da
MD5 hash: c203086a52eff6e687689ffa22516207
humanhash: high-one-dakota-robin
File name:c203086a52eff6e687689ffa22516207.dll
Download: download sample
Signature BazaLoader
Create hunting rule
File size:248'832 bytes
First seen:2022-01-12 11:02:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fffa55351c6b195830dc3cbc5d2b0ba7 (3 x BazaLoader)
ssdeep 6144:O8YsHES6vX0QSm43ERIF7XvJx8JHOJrkO1:Z9ZZZR1XUJuJrJ
TLSH T18F34D14573C918AAFD33417A89839B55E2B23C264729DEEF03A04336EE1FBD15539B21
Reporter abuse_ch
Tags:BazaLoader dll exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
204
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
c203086a52eff6e687689ffa22516207.dll
Verdict:
No threats detected
Analysis date:
2022-01-12 11:21:57 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/2334dc52-037f-4b89-bac1-2d042354ad0a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/218702/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.38490369.12518.3010.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Gathering data
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
BazarLoader
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/33058f53-7f72-4379-857e-b538e5aa0c90
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/919199
Signature
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 551677 Sample: v88V6VoRrE.dll Startdate: 12/01/2022 Architecture: WINDOWS Score: 56 21 Multi AV Scanner detection for submitted file 2->21 23 Sigma detected: Suspicious Call by Ordinal 2->23 7 loaddll64.exe 1 2->7         started        process3 signatures4 25 Tries to detect virtualization through RDTSC time measurements 7->25 10 rundll32.exe 7->10         started        13 cmd.exe 1 7->13         started        15 rundll32.exe 7->15         started        17 rundll32.exe 7->17         started        process5 signatures6 27 Tries to detect virtualization through RDTSC time measurements 10->27 19 rundll32.exe 13->19         started        process7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/879e1d5a103b042c620b2c216a6ac707fdafb7e52c54f4a317107b4130158320/
Threat name:
Win64.Spyware.Bazarloader
Create hunting rule
Status:
Suspicious
First seen:
2022-01-12 02:39:40 UTC
File Type:
PE+ (Dll)
Extracted files:
1
AV detection:
10 of 28 (35.71%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=q6pb2wqqhmccyyqlfqqwu2wha7627n7ffrkpjiyxcb5ucmavqmqa._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220112-m45phacdfq/
Behaviour
Delays execution with timeout.exe
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
879e1d5a103b042c620b2c216a6ac707fdafb7e52c54f4a317107b4130158320
MD5 hash:
c203086a52eff6e687689ffa22516207
SHA1 hash:
b5ac6ae845860b32b904f637a63a203e4fc330da
Link:
https://www.unpac.me/results/c21794bb-5ea3-4d82-b306-a4fa858a2f40/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/879e1d5a103b042c620b2c216a6ac707fdafb7e52c54f4a317107b4130158320

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

BazaLoader

Executable exe 879e1d5a103b042c620b2c216a6ac707fdafb7e52c54f4a317107b4130158320

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/218702/
  
URLhaus
https://urlhaus.abuse.ch/url/1968125/
  
Delivery method
Distributed via web download

Comments