MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c1bd90e8816e506f387b5552b7487423da84b9818cf4e94f175ed7206cffe4f5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



DBatLoader


Vendor detections: 10



SHA256 hash: c1bd90e8816e506f387b5552b7487423da84b9818cf4e94f175ed7206cffe4f5
SHA3-384 hash: 4f21c3cbe08f3265f6da7286a321dbcffca156f93af506587a5ec7a3e5e295bf37cf620266e49358696c83ba0402765a
SHA1 hash: c11c0e9de5970cfcc1362ba5e23ca6e915d607c8
MD5 hash: 0eb0c2c0460fca7a732b6277d3440850
humanhash: steak-vermont-red-eighteen
File name: 0eb0c2c0460fca7a732b6277d3440850
Signature: DBatLoader
File size: 1'047'040 bytes
First seen: 2022-01-19 08:07:26 UTC
Last seen: 2022-01-19 10:01:50 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 754d3cb591c2595382ee13ad1e14d6f6 (1 x DBatLoader)
ssdeep: 24576:rjAnDYJpwBcSqBX3AxXranXKT7vgKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK7:rqyvwig
TLSH: T185259E27F2D14837D0271A784C27ABB95925BF013E28B9477BF82D4C4E3A6817429F97
dhash icon: 7cf6b6aa8ed8e8b4 (18 x Formbook, 8 x DBatLoader, 7 x AveMariaRAT)
Reporter: zbetcheckin
Tags: 32 DBatLoader exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 189
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
Creating synchronization primitives
Creating a window
DNS request
Sending a custom TCP request
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Searching for the window

Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour:
MalwareBazaar
CheckScreenResolution
CheckCmdLine

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: control.exe keylogger packed replace.exe

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: DBatLoader
Detection: malicious
Classification: troj
Score: 64 / 100
Signature:
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Multi AV Scanner detection for submitted file
Yara detected DBatLoader
Behaviour:
Threat name: Win32.Trojan.Delf
Status: Malicious
First seen: 2022-01-18 16:58:00 UTC
File Type: PE (Exe)
Extracted files: 53
AV detection: 22 of 28 (78.57%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash

Unpacked files
SHA256 hash: 9cebbcef1bd6016dfebf4c69f4c49501d914d5a8607777eba952d7ad40346f9a
MD5 hash: 322f2da5c29542aaecc9ee17e1fe7f00
SHA1 hash: 734c432e2595d53c82ee28604f909d3390018dd8
Detections: win_dbatloader_w0

Parent samples:
SHA256 hash: c1bd90e8816e506f387b5552b7487423da84b9818cf4e94f175ed7206cffe4f5
MD5 hash: 0eb0c2c0460fca7a732b6277d3440850
SHA1 hash: c11c0e9de5970cfcc1362ba5e23ca6e915d607c8

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: DBatLoader
File type: Executable exe
SHA256: c1bd90e8816e506f387b5552b7487423da84b9818cf4e94f175ed7206cffe4f5 (this sample)

Delivery method: Distributed via web download

Comments



zbet commented on 2022-01-19 08:07:27 UTC

url: hxxp://66.154.97.102/oswindows10pro/csrss.exe