MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 983801eaacc07639df1f10a1761c8302286847a0aec503a5ae72e9aec2f9028a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DBatLoader


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 983801eaacc07639df1f10a1761c8302286847a0aec503a5ae72e9aec2f9028a
SHA3-384 hash: 888a085a1ae96e34f6a1105e50ffe14430183b2c3c70931dc8d5bf7a11a9e43790af1af7e11efdff4818d4a79cf7bac6
SHA1 hash: 84a432f899da9cc86a27ee0641244d4ffea96da6
MD5 hash: 07641b0d625aea7a59f3c0c438d6927c
humanhash: item-nevada-jig-cola
File name:Payment Copy(USD 198,550.05).exe
Download: download sample
Signature DBatLoader
Create hunting rule
File size:641'024 bytes
First seen:2022-08-04 02:18:34 UTC
Last seen:2022-08-04 02:56:11 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 286be9e4f8d73c89ffb2aff3a4427b53 (9 x DBatLoader, 1 x AveMariaRAT)
ssdeep 12288:F+xn0/znwyVdboAk2SE+BOx7o1sf6hm7fWzHyW+K:w07nxdb7k2SnB2o1A6hsaSPK
Threatray 47 similar samples on MalwareBazaar
TLSH T1B6D49E2AE19084B3DD6226389C57A691D82BBD501D3C245FABDC3EC85B3B781352B3D7
TrID 26.5% (.EXE) Win32 Executable Delphi generic (14182/79/4)
24.5% (.SCR) Windows screen saver (13101/52/3)
19.7% (.EXE) Win64 Executable (generic) (10523/12/4)
8.4% (.EXE) Win32 Executable (generic) (4505/5/1)
5.6% (.MZP) WinArchiver Mountable compressed Archive (3000/1)
File icon (PE):PE icon
dhash icon 73b0d4d6c6d430b3 (9 x DBatLoader, 1 x AveMariaRAT)
Reporter GovCERT_CH
Tags:DBatLoader exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
319
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Payment Copy(USD 198,550.05).exe
Verdict:
Suspicious activity
Analysis date:
2022-08-04 02:20:49 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/705e004e-af02-47f4-b76b-cb7323e9e7e3

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/296337/
Detection(s):
PUA.Win.Packer.BorlandDelphi-15
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a window
DNS request
Sending a custom TCP request
Launching the default Windows debugger (dwwin.exe)
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
keylogger remcos
Link:
https://www.filescan.io/uploads/62eb2c975c07b66577f67456/reports/98880443-0cba-44db-a5e0-b9a6264dc9c8/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/d3a329f3-1311-40e9-a7d6-01930c46f202
Result
Threat name:
DBatLoader
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1046026
Signature
Initial sample is a PE file and has a suspicious name
Multi AV Scanner detection for submitted file
Yara detected DBatLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/983801eaacc07639df1f10a1761c8302286847a0aec503a5ae72e9aec2f9028a/
Threat name:
Win32.Trojan.Remcos
Create hunting rule
Status:
Malicious
First seen:
2022-08-04 02:19:07 UTC
File Type:
PE (Exe)
Extracted files:
23
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ta4ad2vmyb3dtxy7ccqxmhedaiugqr5av3cqhjnoolu25qxzakfa._file
Verdict:
malicious
Similar samples:
0444972f4976d21a707c947f936ee857584f0dee44e795c6dc7cb86d9b28eddd
DBatLoader
1d4f1e01cbbd896a55a83dd107e381fe0a572bd2c9327cbb82a9510eb4832e99
DBatLoader
204671d989631c99ed12773546e79d980aec9a79922769d13c732fff64325353
DBatLoader
33ea02b92678e7c73d8f65dc81d76733fe0ce94b9c9b22ebe216132a0986436f
DBatLoader
483c603c9fb09c2e908d782f7e6f3f04e6e26b7eaaf8ac637733a4e4a32c80e7
DBatLoader
4c2583095353a9f6950be2aecdc57ce47a6acd16dfb4e9cef78134fa094c7b83
DBatLoader
895d91361b7463bb678ee12f902579a5897d72bc0717784bdf017e703b3097fd
DBatLoader
897e01eafce2598ea8af8d75f531b87118872fb82f101aa788fc987fdac0ff62
DBatLoader
f2d4e21c9c01ada5d8aeaf91a05f344ba07965268c9ae9febf552d6234bcc09a
DBatLoader
ff28079581ca00e790039ab9d81ab6330df81a2ab58e1836f3dcf60011696823
DBatLoader
+ 37 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/220804-crvcwshhb5/
Behaviour
Program crash
Unpacked files
SH256 hash:
8bf0cfacb82b874b820cedfbdba9281f78eb8b012745a323ac5e655e611e9e6a
MD5 hash:
a0ca26bc50fe819d835b721b4eaed4b3
SHA1 hash:
1f82327796d661d7a5c0f476ce13a961e4811c82
Link:
https://www.unpac.me/results/beb9e9fe-26c6-47b7-ad74-a077c6ffbfb3/
SH256 hash:
983801eaacc07639df1f10a1761c8302286847a0aec503a5ae72e9aec2f9028a
MD5 hash:
07641b0d625aea7a59f3c0c438d6927c
SHA1 hash:
84a432f899da9cc86a27ee0641244d4ffea96da6
Link:
https://www.unpac.me/results/beb9e9fe-26c6-47b7-ad74-a077c6ffbfb3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/983801eaacc07639df1f10a1761c8302286847a0aec503a5ae72e9aec2f9028a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

DBatLoader

Executable exe 983801eaacc07639df1f10a1761c8302286847a0aec503a5ae72e9aec2f9028a

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/296337/

Comments