MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b057eb94e711995fd5fd6c57aa38a243575521b11b98734359658a7a9829b417. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BazaLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b057eb94e711995fd5fd6c57aa38a243575521b11b98734359658a7a9829b417
SHA3-384 hash: 26a857d26747fb1b7f6f07dffdd62fe2d6a5e345eae08acd29e8b22b952459d3b04b18f5f5bd1f5594e052fdfa253109
SHA1 hash: ad3fe6390c5ed83333574de3b925e7434e552762
MD5 hash: c3146a80e7a0c5069b3b3172bc4a16c1
humanhash: oscar-hydrogen-carolina-thirteen
File name:c3146a80e7a0c5069b3b3172bc4a16c1.exe
Download: download sample
Signature BazaLoader
Create hunting rule
File size:193'024 bytes
First seen:2021-06-18 12:23:52 UTC
Last seen:2021-06-18 12:59:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0934687d08f28a028d91dfbde9816da0 (1 x BazaLoader)
ssdeep 3072:KqpWD9mV/3ZHV0CYq46g+iDtPIfnL3KZ0OC0sGH/WarJlmoaX/tK9ZArQl3z+R6b:K75mV/330x0T8O4H/WafFaX/9yj+RB37
Threatray 9 similar samples on MalwareBazaar
TLSH 3F14AD4279C88C53ED1351FF01C88FAEC35491095EF3250BB64ADD74B8E73DB51A89AA
Reporter abuse_ch
Tags:BazaLoader exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
164
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
c3146a80e7a0c5069b3b3172bc4a16c1.exe
Verdict:
No threats detected
Analysis date:
2021-06-18 12:26:27 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/7311ba7a-ec1d-4792-86ea-b22dac77f91e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/166831/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.37058300.3732.5813.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
BazarLoader
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/acf6ba3b-60a0-4f64-983c-00fa9d559ecc
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/804306
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b057eb94e711995fd5fd6c57aa38a243575521b11b98734359658a7a9829b417/
Threat name:
Win64.PUA.Wacapew
Create hunting rule
Status:
Malicious
First seen:
2021-06-08 01:25:01 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wbl6xfhhcgmv7vp5nrl2uofcinlvkinrdomhgq2zmwfhvgbjwqlq._file
Verdict:
malicious
Similar samples:
0404cb08ca7bce5b44670d8871e626a70d03d18a48efdaeb8bb5cde45a5beb71
BazaLoader
0fb0c5adab8984099449d207c2513cdd18d62d795e761cf4d3a70df6b2a0973b
BazaLoader
1a3966c451b11eb826dd957505477506b44d3fa8d4579febe4670ea6b228bfff
BazaLoader
1a82ee0d5a11d5431581aa185cee32ab29103083a65e5ddaffed04809b16137c
BazaLoader
210c46aae3d71ecbac79447d124d895dded804c08342b17258cd4b400b0bebe0
BazaLoader
447a0ab1979dfe2b0d3ebd7082dec8ad9fba6c8a34bef39217fa4f2c6073c5d8
BazaLoader
6c6939f72d85a8d97f4aa81c53d02dccca16e6deff4a2a3eb017ea374713aace
BazaLoader
9eefae4b7a4bd95ddd0f411fee8bf9b7e3c4a521064d2c14c77612b5f5e68707
BazaLoader
fea4f9bef08bc96706182b62d1ebcd4aeacaee3fb91f52dee31fd0838b8386ac
BazaLoader
Result
Malware family:
bazarloader
Create hunting rule
Score:
  10/10
Tags:
family:bazarloader dropper loader
Link:
https://tria.ge/reports/210618-jczldeh36e/
Behaviour
Suspicious use of WriteProcessMemory
Bazar/Team9 Loader payload
Bazar Loader
Unpacked files
SH256 hash:
b057eb94e711995fd5fd6c57aa38a243575521b11b98734359658a7a9829b417
MD5 hash:
c3146a80e7a0c5069b3b3172bc4a16c1
SHA1 hash:
ad3fe6390c5ed83333574de3b925e7434e552762
Link:
https://www.unpac.me/results/76b7ea35-16e3-4ebc-81fe-4441d505d332/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/b057eb94e711995fd5fd6c57aa38a243575521b11b98734359658a7a9829b417

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/166831/

Comments