MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 984ad5e9c502cd45ac4c0c425a2d374d558c0786098208a7094f7240ae40a555. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 984ad5e9c502cd45ac4c0c425a2d374d558c0786098208a7094f7240ae40a555
SHA3-384 hash: 631b3fe142304e035c93c4d75ee99b6a879780bc6ccf7110cfe2fc53790e61e2adab9404720e14a1801ae199151d18e6
SHA1 hash: 081117fb9f5ba96b1f8f17ff7d049aa15cd91b3d
MD5 hash: 45b0b63f24fe84df75ee6687255bf437
humanhash: october-oklahoma-london-jig
File name:min_rtt_scapy-nuit.exe
Download: download sample
File size:29'202'560 bytes
First seen:2022-12-21 01:05:47 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d8a07f50dc39631d02b4733adb9ac1c5 (1 x BazaLoader)
ssdeep 393216:mn83+C8f1UabxN5+p5zKw3Wgkry0UgW3Ei8M9la7Ky9YQPMSG6C3c3moU4Ijl:LN8aatN5mzNGBJc3Eoy7NxWWmkIZ
Threatray 3'621 similar samples on MalwareBazaar
TLSH T11C573326630843F8E705DA76A86873A06876FD874B25D71786F6F2D18D77F500E32A32
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter MossSamoa
Tags:exe min_rtt_scapy-nuit.exe


Avatar
MossSamoa
min_rtt_scapy-nuit.exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
190
Origin country :
DK DK
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
min_rtt_scapy-nuit.exe
Verdict:
Malicious activity
Analysis date:
2022-12-21 01:06:55 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/fc13b98f-56ed-4fda-8687-e6ea7bc16842

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a process from a recently created file
Running batch commands
Creating a process with a hidden window
Creating a file
DNS request
Сreating synchronization primitives
Searching for the window
Verdict:
No Threat
Threat level:
  2/10
Confidence:
75%
Tags:
greyware overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/63a25c0159212d118a3b2996/reports/0204f93d-87d9-40c4-9314-6944a31a10e1/overview
Result
Threat name:
Unknown
Detection:
clean
Classification:
n/a
Score:
5 / 100
Link:
https://www.joesandbox.com/analysis/1138331
Behaviour
Behavior Graph:
n/a
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tbfnl2ofalgullcmbrbfuljxjvkyyb4gbgbarjyjj5zeblsauvkq._file
Verdict:
unknown
Similar samples:
1baf63a128c8adbb4598a456ddcb81b33042e06f9cdb99e51448643b6f88cc6d
2ba9d1f00b6c9eae7b5328afd6bd6e1561e4d6a831209f94d1f631ebffa72d9c
3d50fb7a6d59a7b4a4779f5d4b804442133038d5b9afe845b3aad5f2631d2437
3e7752596a9dfb8bc7c2d3039132b1f1e6bf2ca0585769fc09f5f6bf9e5c7b8a
4cb0b838560c4e859b8aa29c40fffde2f196a827eda7f69a2b766299651c50df
5d101b2efae1e9390ac98e014a05d54338ec45cd73ff5dd70842877910f7b758
6000a66320ec04d7738f80e43085649f1c47bd12a2852e825e71876ec4567c07
8cbf3b568724d618057aab89ae62d13436c75d4a5306388a932bbe7c287ae08e
da836408b89e756bd33aed58103d85199671e6fa41ded4d2247bf189b29c6f14
+ 3'611 additional samples on MalwareBazaar
Result
Malware family:
bazarbackdoor
Create hunting rule
Score:
  10/10
Tags:
family:bazarbackdoor backdoor
Link:
https://tria.ge/reports/221221-bf48aaee5s/
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Loads dropped DLL
Executes dropped EXE
Bazar/Team9 Backdoor payload
BazarBackdoor
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/984ad5e9c502cd45ac4c0c425a2d374d558c0786098208a7094f7240ae40a555

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments