MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa2cb7c438568cb9baf184532b6bda4677cd3bb9f22f8d3e65e22588eeace26f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BazaLoader

Vendor detections: 8



SHA256 hash: aa2cb7c438568cb9baf184532b6bda4677cd3bb9f22f8d3e65e22588eeace26f
SHA3-384 hash: 947cafab5aa4fe72bc40367519a19501f2d5ceca69e558835fb377603a7f46dd4b37af2b7e9405ca7a6a3aa1b3a4a677
SHA1 hash: b08eb122bd1943335c27e1be854df0ad68d96a41
MD5 hash: 465f6a6e834f601b59cc11bfec695c84
humanhash: pennsylvania-equal-green-uncle
File name: 465f6a6e834f601b59cc11bfec695c84
Signature: BazaLoader
File size: 349'322 bytes
First seen: 2021-10-21 15:53:47 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 8fc81352ac718681e376edb5b78a04b3 (5 x BazaLoader)
ssdeep: 6144:u55lc2c9mVV7pM3RRVru0hoy4Ip9b/mOawHSjQS:u555c9A2DVru0hoy3p9SVj3
Threatray: 57 similar samples on MalwareBazaar
TLSH: T150746CA1A5D13990E9C2D87E861BB372EA4B54332FA1E0C271A70BD3452F4D5DF52E23
Reporter: malwarelabnet
Tags: BazaLoader BazarLoader exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 217
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: overlay

Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Bazar Loader
Detection: malicious
Classification: spyw.evad
Score: 76 / 100
Signature:
Allocates memory in foreign processes
Detected Bazar Loader
Injects a PE file into a foreign processes
Modifies the context of a thread in another process (thread injection)
System process connects to network (likely due to code injection or exploit)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Behaviour
Behavior Graph (rendered graph image not included; the data recoverable from it follows):
Behavior Graph ID: 507134
Sample: 16hVsNu6JV
Start date: 21/10/2021
Architecture: WINDOWS
Score: 76
Sample-level signatures:
- Detected Bazar Loader
- Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Process tree:
- loaddll64.exe (started)
  - regsvr32.exe (started)
    - chrome.exe (started)
  - iexplore.exe (started)
    - iexplore.exe (started)
  - cmd.exe (started)
    - rundll32.exe (started)
  - rundll32.exe (started)
Signatures attached to regsvr32.exe:
- System process connects to network (likely due to code injection or exploit)
- Writes to foreign memory regions
- Allocates memory in foreign processes
- 2 other signatures
Network contacts from regsvr32.exe:
- 46.101.144.128, 443, 49765 DIGITALOCEAN-ASNUS Netherlands
Network contacts from the child iexplore.exe:
- dart.l.doubleclick.net 172.217.168.38, 443, 49828, 49829 GOOGLEUS United States
- prod.appnexus.map.fastly.net 151.101.1.108, 443, 49822, 49823 FASTLYUS United States
- 15 other IPs or domains
Threat name: Win64.Trojan.AgentAGen
Status: Malicious
First seen: 2021-10-21 15:54:04 UTC
AV detection: 10 of 27 (37.04%)
Threat level: 5/5

Result
Malware family: bazarloader
Score: 10/10
Tags: family:bazarloader dropper loader
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Bazar/Team9 Loader payload
Bazar Loader
Suspicious use of NtCreateUserProcessOtherParentProcess
Unpacked files
SHA256 hash: aa2cb7c438568cb9baf184532b6bda4677cd3bb9f22f8d3e65e22588eeace26f
MD5 hash: 465f6a6e834f601b59cc11bfec695c84
SHA1 hash: b08eb122bd1943335c27e1be854df0ad68d96a41
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments