MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 911d3b7d0ad2b9408ca63c381a73f38b15019954d4ff6ffe3fcac8f716c2a200. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BazaLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 911d3b7d0ad2b9408ca63c381a73f38b15019954d4ff6ffe3fcac8f716c2a200
SHA3-384 hash: 4dcb14b012285381ce613f9772fd3c22e8894613aeef0b2b2864920843d638506bc45217f68dc03ff7de6ff4d0fb4638
SHA1 hash: 29a6370885447addfa7090d2ab4be6c1444d4472
MD5 hash: 4091e54604cee490a613341c70403b99
humanhash: venus-enemy-india-romeo
File name:Corp_doc_1-27.exe.infected
Download: download sample
Signature BazaLoader
Create hunting rule
File size:597'144 bytes
First seen:2021-01-27 17:16:20 UTC
Last seen:2021-01-27 19:04:52 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9bc372961ee96ce5323e9ab07a9e26ef (1 x BazaLoader)
ssdeep 6144:0TI0nPCPcFVYCCCCCCUfpqTA0Id4ErClYNmqg31jfRBN1HeMesQh6uB1wmma:kINPcbGrEBm73NfDQshYia
TLSH 55C4AF67156510E7D56607F09C629A78932BFC233E10EB6F26A0B06B3F772D05C3993A
Reporter LloydLabs
Tags:BazaLoader BazarLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
227
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Corp_doc_1-27.exe.infected
Verdict:
No threats detected
Analysis date:
2021-01-27 17:18:53 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/76aa974d-6d9c-4239-bb6c-3ae198407442

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
BazaLoader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/114129/
Detection(s):
SecuriteInfo.com.Generic.mg.4091e54604cee490.423.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Changing a file
Launching the default Windows debugger (dwwin.exe)
Sending a custom TCP request
Sending a UDP request
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/592151
Signature
Allocates memory in foreign processes
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Modifies the context of a thread in another process (thread injection)
Sample uses process hollowing technique
Sets debug register (to hijack the execution of another thread)
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/911d3b7d0ad2b9408ca63c381a73f38b15019954d4ff6ffe3fcac8f716c2a200/
Threat name:
Win64.Trojan.GenCBL
Create hunting rule
Status:
Malicious
First seen:
2021-01-27 17:17:06 UTC
AV detection:
7 of 28 (25.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=seotw7ik2k4ubdfghq4bu47trmkqdgku2t7w77r7zlepofwcuiaa._file
Verdict:
malicious
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210127-vxy3c4sp8e/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Blocklisted process makes network request
Unpacked files
SH256 hash:
911d3b7d0ad2b9408ca63c381a73f38b15019954d4ff6ffe3fcac8f716c2a200
MD5 hash:
4091e54604cee490a613341c70403b99
SHA1 hash:
29a6370885447addfa7090d2ab4be6c1444d4472
Link:
https://www.unpac.me/results/819309c8-0a46-468a-9b1c-3de2b7e01ed6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/911d3b7d0ad2b9408ca63c381a73f38b15019954d4ff6ffe3fcac8f716c2a200

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/114129/

Comments