MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 936426ce7210fbd0ce519fb4121289fc1c43247fa96a7d1cd96d276f1662df26. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BazaLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 936426ce7210fbd0ce519fb4121289fc1c43247fa96a7d1cd96d276f1662df26
SHA3-384 hash: 7d75a77b2368fca808086f3031e069ed786d6eda8b24d192a7d2f8279d0e87b8c014b881dcaa7062635533ebcaeacc82
SHA1 hash: 247beb05c9c3db2e48eb47f977b84d7af1ecb542
MD5 hash: c9d38b122b2a987945b6fae866bc0dcb
humanhash: green-september-oranges-kilo
File name:936426ce7210fbd0ce519fb4121289fc1c43247fa96a7d1cd96d276f1662df26
Download: download sample
Signature BazaLoader
Create hunting rule
File size:289'280 bytes
First seen:2022-01-13 16:03:32 UTC
Last seen:2022-01-13 18:21:22 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2f237c68484f0541151de51739beb951 (1 x BazaLoader)
ssdeep 6144:lxeJo5DgX1mRit9vLbgK6Adm+c6KZH2JGP9XtkE/OWm:LekD82GvYRAYYKZGGJtk+G
Threatray 351 similar samples on MalwareBazaar
TLSH T1CD54BE1B72A544FBE5BB823485A72703E773741517A08B5F4BA007688F2B391BE6B731
File icon (PE):PE icon
dhash icon 2b0d899121264e58 (1 x BazaLoader)
Reporter j_dubp
Tags:BazaLoader exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
240
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
2.dll
Verdict:
No threats detected
Analysis date:
2022-01-13 15:00:58 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/bc63aa15-7997-4f04-9f16-9e4cbc9e0ddf

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/219087/
Detection(s):
SecuriteInfo.com.BehavesLike.Win64.Emotet.dc.23599.15077.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
DNS request
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/4097/overview
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
CheckCmdLine
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
emotet greyware packed shell32.dll
Link:
https://www.filescan.io/uploads/61e04d881883c5ba4ec83886/reports/30dd6cb4-a317-4ae2-83dc-31dfb7c29ffa/overview
Malware family:
BazarLoader
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/42afee24-94f7-4bd4-9c65-24103dd9a07d
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/920248
Signature
Sigma detected: Suspicious Call by Ordinal
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 552727 Sample: Mcrpd5z35F Startdate: 13/01/2022 Architecture: WINDOWS Score: 48 52 Sigma detected: Suspicious Call by Ordinal 2->52 9 loaddll64.exe 1 2->9         started        process3 signatures4 54 Tries to detect virtualization through RDTSC time measurements 9->54 12 rundll32.exe 9->12         started        15 rundll32.exe 9->15         started        17 rundll32.exe 9->17         started        19 6 other processes 9->19 process5 signatures6 56 Tries to detect virtualization through RDTSC time measurements 12->56 21 cmd.exe 1 12->21         started        23 WerFault.exe 12->23         started        25 WerFault.exe 9 15->25         started        28 WerFault.exe 17->28         started        30 WerFault.exe 17->30         started        32 rundll32.exe 19->32         started        34 WerFault.exe 9 19->34         started        36 WerFault.exe 19->36         started        38 3 other processes 19->38 process7 dnsIp8 40 rundll32.exe 21->40         started        42 conhost.exe 21->42         started        44 choice.exe 1 21->44         started        50 192.168.2.1 unknown unknown 25->50 46 WerFault.exe 20 9 32->46         started        process9 process10 48 WerFault.exe 40->48         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/936426ce7210fbd0ce519fb4121289fc1c43247fa96a7d1cd96d276f1662df26/
Threat name:
Win64.Spyware.Bazarloader
Create hunting rule
Status:
Suspicious
First seen:
2022-01-13 16:04:24 UTC
File Type:
PE+ (Dll)
Extracted files:
5
AV detection:
15 of 28 (53.57%)
Threat level:
  2/5
Verdict:
unknown
Similar samples:
08340c953247df216a72580f2a5aa24f6688a24e2316ed4ea62b863dbc252d3e
BazaLoader
1c620f5c3a65d09cd30671a6ea697b47247f9df687ce9ff748ffb7dab9e92dd4
BazaLoader
879e1d5a103b042c620b2c216a6ac707fdafb7e52c54f4a317107b4130158320
BazaLoader
cdc70b4553a9b4ac1916c0a9c9ea05db3e5cf28119432dbd244e37d6c0ca87a1
BazaLoader
cffd82a25e87c9fff7695581d72521fb1bc65ab1b616c0639e36689ae0494d38
BazaLoader
d4032fbbc8d1d4d11c98b1b85801a5b5ce36042ef09b0f3118e7770827f160d8
BazaLoader
e8cfbe425f68faba79342ad20a6a0039c602c67626c91cb8164cb08319c58a57
BazaLoader
e96721c0194fef754b28344960a41649914e1eaf6a43588e9d9018104b80ecea
BazaLoader
ee9a8a1a2081e841af1c0895e2cae936cb38231af59426d54c68d6a2357ac236
BazaLoader
f9bd3a815beaf9e995e521edd22d17a06e5e1c4b1c2fdfa39f3837983716a70c
BazaLoader
+ 341 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/220113-th2jaabcg3/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
936426ce7210fbd0ce519fb4121289fc1c43247fa96a7d1cd96d276f1662df26
MD5 hash:
c9d38b122b2a987945b6fae866bc0dcb
SHA1 hash:
247beb05c9c3db2e48eb47f977b84d7af1ecb542
Link:
https://www.unpac.me/results/46966d00-e4cb-4308-a3b3-b1ae1df64fa6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/936426ce7210fbd0ce519fb4121289fc1c43247fa96a7d1cd96d276f1662df26

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/219087/

Comments