MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 8ce226f25c17d785871d2e0f33597715a06ee5b3d86cd389cca0c2de9fd6318a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
DBatLoader
Vendor detections: 7
| SHA256 hash: | 8ce226f25c17d785871d2e0f33597715a06ee5b3d86cd389cca0c2de9fd6318a |
|---|---|
| SHA3-384 hash: | 290843bb6803b8acdd780007a122891e3d6e2b2280ab1607c732ad64091c46d9b6c3d299090acddd25f7fc59612e5492 |
| SHA1 hash: | 2275e260dafeb99e76f550342e7336284237b41f |
| MD5 hash: | 47c9d0c807fd62110ecd4f8597d4c697 |
| humanhash: | oklahoma-princess-lamp-mango |
| File name: | New order is %0D%0A%09attached.zip |
| Download: | download sample |
| Signature | DBatLoader |
| File size: | 497'351 bytes |
| First seen: | 2022-04-29 09:54:34 UTC |
| Last seen: | Never |
| File type: | zip |
| MIME type: | application/zip |
| ssdeep | 12288:O9aRt3NanSxOUJih/q6fngE/zvgEKaZl9fS6jET8KpkS:zt3NRJo/q6fngmsEbtS6YT8I5 |
| TLSH | T10EB42336A293973C74F7AD29DF37053A50A3223AC71FA75DA67D60835742F3A23441A8 |
| TrID | 80.0% (.ZIP) ZIP compressed archive (4000/1) 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1) |
| Reporter |  cocaman |
| Tags: | DBatLoader zip |
cocaman
Malicious email (T1566.001)From: "Ahmad Ahmad <ahmad.ahmad@asgcgroup.com>" (likely spoofed)
Received: "from hosting3.netsys.am (hosting3.netsys.am [80.86.231.190]) "
Date: "Sun, 24 Apr 2022 23:56:30 +0000"
Subject: "New order 13164"
Attachment: "New order is
attached.zip"
Intelligence
File Origin
# of uploads :
1
# of downloads :
172
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Verdict:
Malicious
Threat level:
10/10
Confidence:
100%
Tags:
control.exe fareit formbook greyware keylogger replace.exe strictor
Result
Verdict:
MALICIOUS
Link:
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name:
Win32.Packed.Dico
Status:
Malicious
First seen:
2022-04-24 20:55:35 UTC
File Type:
Binary (Archive)
Extracted files:
47
AV detection:
26 of 42 (61.90%)
Threat level:
1/5
Detection(s):
Suspicious file
Result
Malware family:
xloader
Score:
10/10
Tags:
family:modiloader family:xloader campaign:euv4 loader persistence rat suricata trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
ModiLoader Second Stage
Xloader Payload
ModiLoader, DBatLoader
Xloader
suricata: ET MALWARE FormBook CnC Checkin (GET)
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.74
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
exe Delivery method
Distributed via e-mail attachment
Dropping
DBatLoader
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.