MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a98abbce5e84c4c3b67b7af3f9b4dc9704b5af33b6183fb3c192e26b1e0ca005. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BuerLoader

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	a98abbce5e84c4c3b67b7af3f9b4dc9704b5af33b6183fb3c192e26b1e0ca005
SHA3-384 hash:	4aac95f5a45575adc16c658419aabf91d0ecd87d5de9b150f3db4047d66e3c5ded7c26b9e4e8d9d47ffafbdd1b385b0b
SHA1 hash:	c9ff3c2b95e235fd4445818d516b34d0df85537f
MD5 hash:	3ba7bca3e4b2525b33485f013d1aaaa4
humanhash:	minnesota-fanta-avocado-july
File name:	a98abbce5e84c4c3b67b7af3f9b4dc9704b5af33b6183fb3c192e26b1e0ca005.bin
Download:	download sample
Signature	BuerLoader Create hunting rule
File size:	24'576 bytes
First seen:	2020-12-01 14:00:19 UTC
Last seen:	2020-12-01 16:04:12 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	7802a2afdb884b4d1a51c221c6ef5fcd (3 x BuerLoader, 2 x TrickBot)
ssdeep	384:XM11MVcTN/97xf3YunxEOIdYda+12w515JaixQNctxyxQkMsMIMyDsKU:c1G6TNtNXqdYd52w5HTd7yxJhMssj
Threatray	4 similar samples on MalwareBazaar
TLSH	70B27D93789AC476C3202B711F85741292E86E2071B7E2F77A6C1CCC7CB4A9BD729352
Reporter	Arkbird_SOLG
Tags:	Buer BuerLoader Loader

Intelligence

File Origin

# of uploads :

2

# of downloads :

194

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/106247/

Detection(s):

SecuriteInfo.com.Trojan.Siggen11.49717.23538.28439.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/552376

Signature

Antivirus / Scanner detection for submitted sample

Tries to detect virtualization through RDTSC time measurements

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a98abbce5e84c4c3b67b7af3f9b4dc9704b5af33b6183fb3c192e26b1e0ca005/

Threat name:

Win32.Trojan.Wacatac

Status:

Malicious

First seen:

2020-12-01 14:01:06 UTC

AV detection:

19 of 29 (65.52%)

Threat level:

5/5

Verdict:

malicious

Label(s):

trickbot

Similar samples:

1c8260f2d597cfc1922ca72162e1eb3f8272c2d18fa41d77b145d32256c0063d

66f5a68f6b5067feb07bb88a3bfaa6671a5e8fcf525e9cd2355de631c4ca2088

ae3ac27e8303519cf04a053a424a0939ecc3905a9a62f33bae3a29f069251b1f

b298ead0400aaf886dbe0a0720337e6f2efd5e2a3ac1a7e7da54fc7b6e4f4277

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/201201-w1jd92x2hs/

Unpacked files

SH256 hash:

a98abbce5e84c4c3b67b7af3f9b4dc9704b5af33b6183fb3c192e26b1e0ca005

MD5 hash:

3ba7bca3e4b2525b33485f013d1aaaa4

SHA1 hash:

c9ff3c2b95e235fd4445818d516b34d0df85537f

Link:

https://www.unpac.me/results/3ea0edfc-28e0-4679-b238-9631c77aed27/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.42

Link:

https://yomi.yoroi.company/submissions/a98abbce5e84c4c3b67b7af3f9b4dc9704b5af33b6183fb3c192e26b1e0ca005

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

xlsm 85d4e3e3b7b8a330e04fe4a3a568f909b795e1c10fa824c49178462bead48d17

exe b298ead0400aaf886dbe0a0720337e6f2efd5e2a3ac1a7e7da54fc7b6e4f4277

exe a98abbce5e84c4c3b67b7af3f9b4dc9704b5af33b6183fb3c192e26b1e0ca005

(this sample)

X

https://twitter.com/ffforward/status/1333703755439742977

Dropped by

SHA256 b298ead0400aaf886dbe0a0720337e6f2efd5e2a3ac1a7e7da54fc7b6e4f4277

Delivery method

Other

URLhaus

https://urlhaus.abuse.ch/url/878735/

Cape

Cape

https://www.capesandbox.com/analysis/106247/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample