MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b24e47b63ec35e9a420b9fbb64106b2f9e6e8a18676e8c79ff2ca67af06f1291. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BazaLoader

Vendor detections: 4



SHA256 hash: b24e47b63ec35e9a420b9fbb64106b2f9e6e8a18676e8c79ff2ca67af06f1291
SHA3-384 hash: 35299cbfc0190a4d3e22ea9185bb713433b11c8ded16cfa8386060389eac56b5eed058deb125147ab15b72b9442b2106
SHA1 hash: 1270e4a9801c1f5a20caf4ad95f7b53989399241
MD5 hash: ea7575b75f67083c962e3fa326f6299a
humanhash: don-high-north-beer
File name: d4.dll
Signature: BazaLoader
File size: 262'656 bytes
First seen: 2021-11-10 17:16:33 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 9e9b9dc9a1d7fc9680151ec542607c93 (6 x BazaLoader)
ssdeep: 3072:4k1uIY7yyiztyzuyb6Jdn+WTxwMpz8wFLMsR83sOhchfA5+IhOh/oUOmi0Uugawl:7lFBhTPJ3zZ123sMch1xli0fwVLFf
Threatray: 22 similar samples on MalwareBazaar
TLSH: T16F44D05B63A51C7BE163827DC4634A14DB31B8124A21DBAF03A4876A2F677D09D3EF31
Reporter: fr0s7_
Tags: BazaLoader BazarLoader dll exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 171
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: lolaa.dll
Verdict: No threats detected
Analysis date: 2021-11-10 17:41:47 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Suspicious
Threat level: 5/10
Confidence: 67%
Tags: greyware monero
Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: troj.evad
Score: 52 / 100
Signature:
Found detection on Joe Sandbox Cloud Basic with higher score
Found potential dummy code loops (likely to delay analysis)
Behaviour
Behavior Graph (ID 519422; sample d4.dll; start date 10/11/2021; architecture WINDOWS; score 52):
loaddll64.exe -> rundll32.exe (found potential dummy code loops, likely to delay analysis)
loaddll64.exe -> cmd.exe -> rundll32.exe
loaddll64.exe -> rundll32.exe
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SHA256 hash: b24e47b63ec35e9a420b9fbb64106b2f9e6e8a18676e8c79ff2ca67af06f1291
MD5 hash: ea7575b75f67083c962e3fa326f6299a
SHA1 hash: 1270e4a9801c1f5a20caf4ad95f7b53989399241
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: BitcoinAddress
Author: Didier Stevens (@DidierStevens)
Description: Contains a valid Bitcoin address

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
BazaLoader
Executable exe b24e47b63ec35e9a420b9fbb64106b2f9e6e8a18676e8c79ff2ca67af06f1291 (this sample)
Delivery method: Distributed via e-mail attachment

Comments