MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c2062d2d3ac3815d7a050a1bfb261c98581e7398f8b0c7ca670d7ddb328611d2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DBatLoader

Vendor detections: 13



SHA256 hash: c2062d2d3ac3815d7a050a1bfb261c98581e7398f8b0c7ca670d7ddb328611d2
SHA3-384 hash: 21311b04ac7b05f2559ae69b19313d4f76fc7d856cbb4fee06fd1d0fe98368af9da838fb1380b7f92baebf4e76ceb8a6
SHA1 hash: a165284d29f69da7a05568e1733d4f6899333ce6
MD5 hash: d13b93eb2e0785ef6faeec7910d61ae5
humanhash: triple-earth-uranus-robin
File name: AVISO DE TRANSFERENCIA.exe
Signature: DBatLoader
File size: 714'752 bytes
First seen: 2022-08-19 08:16:11 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f9f8a4f5d6af22b8a5196d501f8619d8 (2 x DBatLoader, 2 x Formbook)
ssdeep: 12288:vGJufSEN4Nb+cuuUkyFnhPTWT5OWZdavN2HuEGlemz5z:vGqN4Nb9SmL4Fvz
Threatray: 876 similar samples on MalwareBazaar
TLSH: T1F0E47BAD52B1D133D13A5E38DD1752F8B9217DD0292868C67FEA3E092FB96806C1B173
TrID: 51.9% (.EXE) InstallShield setup (43053/19/16)
      17.0% (.EXE) Win32 Executable Delphi generic (14182/79/4)
      15.7% (.SCR) Windows screen saver (13101/52/3)
      5.4% (.EXE) Win32 Executable (generic) (4505/5/1)
      2.4% (.EXE) Win16/32 Executable Delphi generic (2072/23)
dhash icon: 27d0d8d4d4d8f007 (5 x RemcosRAT, 5 x DBatLoader, 4 x FormBook)
Reporter: TeamDreier
Tags: DBatLoader exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 300
Origin country: n/a
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: AVISO DE TRANSFERENCIA.exe
Verdict: Suspicious activity
Analysis date: 2022-08-19 08:21:05 UTC
Tags: installer

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating synchronization primitives
Creating a window
Sending a custom TCP request
DNS request
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Searching for the window
Result
Malware family: n/a
Score: 5/10
Tags: n/a

Behaviour
MalwareBazaar
CheckCmdLine

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-vm keylogger overlay
Result
Verdict: MALICIOUS
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: DBatLoader
Detection: malicious
Classification: troj
Score: 60 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected DBatLoader
Behaviour
Behavior Graph:

Threat name: Win32.Trojan.Tnega
Status: Malicious
First seen: 2022-08-19 03:11:41 UTC
File Type: PE (Exe)
Extracted files: 80
AV detection: 23 of 26 (88.46%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies system certificate store
Suspicious use of WriteProcessMemory
Program crash

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
DBatLoader
Executable exe c2062d2d3ac3815d7a050a1bfb261c98581e7398f8b0c7ca670d7ddb328611d2 (this sample)

Delivery method: Distributed via e-mail attachment
