MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c5d2f0da18fb33a25b53fd8b9b98f0bfa95458e3c0feb687852f469167a0110c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BazaLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c5d2f0da18fb33a25b53fd8b9b98f0bfa95458e3c0feb687852f469167a0110c
SHA3-384 hash: b986f79d3076ad1d78edd355bb107c70d1ff03d58a1268ddacb1884f9118c029ae96901ec7d45cb64e28f3b8edd4c757
SHA1 hash: ca3a01d833dafaef66c2614dc3039f9c2a376229
MD5 hash: b2c85051f93825721307c34cd0f0cb34
humanhash: freddie-delta-floor-oregon
File name:naw11.dll
Download: download sample
Signature BazaLoader
Create hunting rule
File size:368'262 bytes
First seen:2021-09-14 16:40:37 UTC
Last seen:2021-09-14 18:05:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ae129a5e8c4f26c5653c8d96d5780841 (2 x BazaLoader)
ssdeep 6144:Qiwau06d0VWd7qiTPTggYGWlxyjA5TZd0sVcB0Fup:QiZuxqwd13gKWlnRW
Threatray 3 similar samples on MalwareBazaar
TLSH T18674BF0AF7D5047AD46BC13081778A62BA7278DB0A24D75F13B841753EB2BF0693EB64
Reporter James_inthe_box
Tags:BazaLoader dll exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
151
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
naw11.dll
Verdict:
No threats detected
Analysis date:
2021-09-14 16:44:09 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/b8bcf2ec-a32c-4011-a79f-922a3f46ea12

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/187864/
Detection(s):
SecuriteInfo.com.Trojan.Win32.Sabsik.FL.Bml.26298.16576.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug packed
Link:
https://www.filescan.io/uploads/617510a0a9d585e6d5370d99/reports/1f51926d-8177-4429-8026-b9ab96bf511e/overview
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/9d7aa313-7bf5-485b-aaaa-ab0735dd795c
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/850841
Signature
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Sigma detected: Regsvr32 Command Line Without DLL
System process connects to network (likely due to code injection or exploit)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c5d2f0da18fb33a25b53fd8b9b98f0bfa95458e3c0feb687852f469167a0110c/
Threat name:
Win64.Trojan.Sabsik
Create hunting rule
Status:
Malicious
First seen:
2021-09-14 16:40:41 UTC
File Type:
PE+ (Dll)
AV detection:
10 of 27 (37.04%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
72322a8878b2f8df066d2f3b1d6bc53d8dd53a6287c3e65281a6eb5d74bffee0
BazaLoader
a75eed2248226fdf4940c516c34bba62cd9e441de8b964d36a9485efe2a4053b
BazaLoader
ad0d56689383af376b66cb089ad81244bc96efc9484504d54a593d77a580686f
BazaLoader
Result
Malware family:
bazarloader
Create hunting rule
Score:
  10/10
Tags:
family:bazarloader dropper loader suricata
Link:
https://tria.ge/reports/210914-t64csabacj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Bazar/Team9 Loader payload
Bazar Loader
Suspicious use of NtCreateUserProcessOtherParentProcess
suricata: ET MALWARE BazaLoader Activity (GET)
Unpacked files
SH256 hash:
c5d2f0da18fb33a25b53fd8b9b98f0bfa95458e3c0feb687852f469167a0110c
MD5 hash:
b2c85051f93825721307c34cd0f0cb34
SHA1 hash:
ca3a01d833dafaef66c2614dc3039f9c2a376229
Link:
https://www.unpac.me/results/61ba7f17-18f1-4125-9648-d09a39180a9d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c5d2f0da18fb33a25b53fd8b9b98f0bfa95458e3c0feb687852f469167a0110c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/187864/

Comments