MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b42787297f2cc4a41689b03480f16889b12267e075fc2df6849621cae3a99184. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



BazaLoader


Vendor detections: 9



SHA256 hash: b42787297f2cc4a41689b03480f16889b12267e075fc2df6849621cae3a99184
SHA3-384 hash: 4db58d19e37800cf4bd16888073d6f43b4d93167510e26b833d776538650e46eee32ff6090d8b3ab091ad1d40cb06ea3
SHA1 hash: 3bef1fd77c310f3c7787ffe271185b132ed0a1b6
MD5 hash: 78dc44b0421e21302e0c1e772b561d1c
humanhash: autumn-minnesota-fish-oranges
File name: 78dc44b0421e21302e0c1e772b561d1c
Signature: BazaLoader
File size: 692'224 bytes
First seen: 2021-12-17 07:36:21 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 24e50a0f7fdaf459a1870e3ba403191a (1 x BazaLoader)
ssdeep: 6144:z4KBuDI18+gWcBh7YiocrgW4EbmOcn8FKG14COVNPkohz/jz/U8Hjs/09sxghx0R:z1YZO2gW44F14CKsoFTsxkxP9b2
Threatray: 30 similar samples on MalwareBazaar
TLSH: T19BE48D157A9597BDF446C0788543C392AA2139520B2D9FFF02C4F27A1E6A7F25E36338
Reporter: zbetcheckin
Tags: BazaLoader exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 176
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour:
  Searching for the window
  Creating synchronization primitives
  Transferring files using the Background Intelligent Transfer Service (BITS)
  DNS request
  Launching a process
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
  MalwareBazaar
  MeasuringTime
  SystemUptime
  EvasionGetTickCount
  EvasionQueryPerformanceCounter
  CheckCmdLine
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware packed
Result
Verdict: MALICIOUS
Details:
  Windows PE Executable
  Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: BazaLoader
Detection: malicious
Classification: troj.evad
Score: 80 / 100
Signature:
  Antivirus detection for URL or domain
  Multi AV Scanner detection for submitted file
  Sigma detected: Suspicious Call by Ordinal
  System process connects to network (likely due to code injection or exploit)
  Tries to detect virtualization through RDTSC time measurements
  Yara detected BazaLoader
Result
Threat name: Win64.Spyware.Bazarloader
Status: Malicious
First seen: 2021-12-15 13:17:46 UTC
File Type: PE+ (Dll)
Extracted files: 4
AV detection: 18 of 28 (64.29%)
Threat level: 2/5
Result
Malware family: bazarloader
Score: 10/10
Tags: family:bazarloader dropper loader
Behaviour:
  Bazar/Team9 Loader payload
  Bazar Loader
Unpacked files:
  SHA256 hash: b42787297f2cc4a41689b03480f16889b12267e075fc2df6849621cae3a99184
  MD5 hash: 78dc44b0421e21302e0c1e772b561d1c
  SHA1 hash: 3bef1fd77c310f3c7787ffe271185b132ed0a1b6

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

BazaLoader
Executable exe b42787297f2cc4a41689b03480f16889b12267e075fc2df6849621cae3a99184 (this sample)

Delivery method: Distributed via web download

Comments



zbet commented on 2021-12-17 07:36:23 UTC

url: hxxp://coin-coin-data-6.com/files/1818_1639496964_4874.dll