MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b706a171ed0c9db2b82a3fb16390e8f2716bd256f79182fdd8a76291a1078a5e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DBatLoader


Vendor detections: 14


Intelligence 14 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b706a171ed0c9db2b82a3fb16390e8f2716bd256f79182fdd8a76291a1078a5e
SHA3-384 hash: e267d66578930f97f7976f4d36a319e13525fa40fb2ed5a56aa2cda6ce8ba413edc1422084cbaf3cab243fb3421d10f0
SHA1 hash: ec676063bf7e75f9b7b39e7474be24c1753726dc
MD5 hash: cc269041b0323aacc38b7953c7600c8a
humanhash: pip-william-may-zebra
File name:PO-EN12929893.exe
Download: download sample
Signature DBatLoader
Create hunting rule
File size:2'235'904 bytes
First seen:2023-10-11 18:59:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f48d9fecb191a3f4fc9501cb4eaddebd (3 x DBatLoader, 1 x RemcosRAT)
ssdeep 24576:UdmBgngV1ChWfve6E/5s63YeXb6id8UYeDRXCgRHCZezBQu7KR5VNUAJOw637yFh:UdDgu6ERs6oG6mYoYWQu5HwgP
Threatray 44 similar samples on MalwareBazaar
TLSH T17EA5E167A2904C33F1323A785F1F92E95C1EF9202D64EC8A76D45E482B766C13E39397
TrID 54.3% (.EXE) InstallShield setup (43053/19/16)
16.5% (.SCR) Windows screen saver (13097/50/3)
13.2% (.EXE) Win64 Executable (generic) (10523/12/4)
5.6% (.EXE) Win32 Executable (generic) (4505/5/1)
2.6% (.EXE) Win16/32 Executable Delphi generic (2072/23)
File icon (PE):PE icon
dhash icon 7e3c7068e8e8e062 (28 x DBatLoader, 6 x RemcosRAT, 4 x Formbook)
Reporter abuse_ch
Tags:DBatLoader exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
263
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
PO-EN12929893.exe
Verdict:
Malicious activity
Analysis date:
2023-10-11 19:13:43 UTC
Tags:
dbatloader
Link:
https://app.any.run/tasks/f0ecaad2-7ba4-4328-bd99-3ca9d8e7b86a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
ModiLoader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/453378/
Detection(s):
SecuriteInfo.com.Trojan.SpyBot.1310.20796.2014.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a window
Gathering data
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
control keylogger lolbin packed remcos replace
Link:
https://www.filescan.io/uploads/6526f0bbd9aa1327017f3493/reports/2827c7be-1192-41d7-bf52-ad42d47a9eb6/overview
Verdict:
Malicious
Labled as:
Malware
Link:
https://www.hybrid-analysis.com/sample/b706a171ed0c9db2b82a3fb16390e8f2716bd256f79182fdd8a76291a1078a5e
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
IEInspector Software
Create hunting rule
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/ae1a8efc-9d5d-4c27-87c1-b42f42e7a1c8
Result
Threat name:
DBatLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1324018
Signature
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Yara detected DBatLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b706a171ed0c9db2b82a3fb16390e8f2716bd256f79182fdd8a76291a1078a5e/
Threat name:
Win32.Backdoor.Remcos
Create hunting rule
Status:
Suspicious
First seen:
2023-10-11 12:11:46 UTC
File Type:
PE (Exe)
Extracted files:
102
AV detection:
16 of 38 (42.11%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=w4dkc4pnbso3fobkh6ywhehi6jywxusw66iyf7oyu5rjdiihrjpa._file
Verdict:
malicious
Similar samples:
0b4976a43a547ad971fbceda4c867b8cf1d70a7495af9703758e4829365377b8
DBatLoader
287a8c784bc439337cd063735d6941eb0a40f2a9137b085bb86dd8d4aa14fcc9
DBatLoader
33ca9923e204fe49ca08062c7799a0edd936be726f89e661756e058677eb4a96
DBatLoader
3bc486f0fe0705dc71bd7f103965c5708a878f908ed0ff11ab973af842805a80
DBatLoader
63946c04c77ccb8f6f48057f0cd4495f7751192b0016c99669a0b6aea330d538
DBatLoader
65419d777e93745b9feeee9969ef2a1fbd0049f816bda9053a96d2daedb5074e
DBatLoader
6d2399b13a176bbb2b4319d7fc405de5078f1ded3bb0653f8111e79a3f0ab885
DBatLoader
743a42fa1745ca546bde00cab7c219c79b795ab0676a2d7478a655db7efa1fb2
DBatLoader
edc70bfb65d34acf37b87bb010b537802eb81d84431f8eba294bca3e3304a37e
DBatLoader
+ 34 additional samples on MalwareBazaar
Result
Malware family:
modiloader
Create hunting rule
Score:
  10/10
Tags:
family:modiloader trojan
Link:
https://tria.ge/reports/231011-xnmtvsfe2x/
Behaviour
ModiLoader Second Stage
ModiLoader, DBatLoader
Unpacked files
SH256 hash:
b706a171ed0c9db2b82a3fb16390e8f2716bd256f79182fdd8a76291a1078a5e
MD5 hash:
cc269041b0323aacc38b7953c7600c8a
SHA1 hash:
ec676063bf7e75f9b7b39e7474be24c1753726dc
Link:
https://www.unpac.me/results/6bb17b9e-d237-44ba-b6e3-cb2eb8fa358d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b706a171ed0c9db2b82a3fb16390e8f2716bd256f79182fdd8a76291a1078a5e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BobSoftMiniDelphiBoBBobSoft
Create hunting rule
Author:malware-lu
Rule name:Borland
Create hunting rule
Author:malware-lu
Rule name:shellcode
Create hunting rule
Author:nex
Description:Matched shellcode byte patterns

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

DBatLoader

Executable exe b706a171ed0c9db2b82a3fb16390e8f2716bd256f79182fdd8a76291a1078a5e

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/453378/

Comments