MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cac07a4582d65b74322168e6aed9d7fd05e59e335fb7d1cdb7b5f7149a07d3eb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BazaLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cac07a4582d65b74322168e6aed9d7fd05e59e335fb7d1cdb7b5f7149a07d3eb
SHA3-384 hash: 4f46f8c93e0bc995f096989acd54292023c071e6a1bcec037dea2ca89374273370c69e01d14d28a2fe82979424941305
SHA1 hash: d21dd45cad46e9710d15dd2025592c4e93c51d2f
MD5 hash: 12f16a39380db2f9b404581cb07253ab
humanhash: foxtrot-saturn-river-fillet
File name:SecuriteInfo.com.Trojan.Win32.Fuerboos.Ecl.13565.991
Download: download sample
Signature BazaLoader
Create hunting rule
File size:291'840 bytes
First seen:2021-03-22 23:31:03 UTC
Last seen:2021-04-01 03:28:12 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 6144:EelaufTZ3V6ZTVlKoND1sKpxPfHV9HLO2M34OEBMUwuoIxhFGO/08C8/j:naufXQbKoND1tJLQlNUwGPFGl8
Threatray 2 similar samples on MalwareBazaar
TLSH F254AF78B5143CE6EA7F537BCA96BDDD13A237628987A8CD80A477C30563375EE02805
Reporter SecuriteInfoCom
Tags:BazaLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
159
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Trojan.Win32.Fuerboos.Ecl.13565.991
Verdict:
No threats detected
Analysis date:
2021-03-22 23:33:41 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/70046f34-3362-40d4-89ec-8ce693c3c8f5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
BazaLoader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/126385/
Detection(s):
SecuriteInfo.com.Trojan.Win32.Fuerboos.Ecl.13565.991.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Gathering data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/649089
Signature
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Modifies the context of a thread in another process (thread injection)
Multi AV Scanner detection for submitted file
Sample uses process hollowing technique
Sets debug register (to hijack the execution of another thread)
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cac07a4582d65b74322168e6aed9d7fd05e59e335fb7d1cdb7b5f7149a07d3eb/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-03-22 21:41:14 UTC
AV detection:
11 of 29 (37.93%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zlahurmc2znximrbndtk5wox7uc6lhrtl635dtnxwx3rjgqh2pvq._file
Verdict:
unknown
Similar samples:
4435942b9f09846a337474f396fd0a885f41742f05899dcc1a12b6b44a31126b
BazaLoader
98cbdd45b45679061e3a3741cc2a32ef8abbc599de118a4604cff54b528cdaf3
BazaLoader
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210322-nj35ttdh12/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Blocklisted process makes network request
Unpacked files
SH256 hash:
cac07a4582d65b74322168e6aed9d7fd05e59e335fb7d1cdb7b5f7149a07d3eb
MD5 hash:
12f16a39380db2f9b404581cb07253ab
SHA1 hash:
d21dd45cad46e9710d15dd2025592c4e93c51d2f
Link:
https://www.unpac.me/results/7a10d5d0-ff2c-43f9-9426-74478585d874/
Malware family:
BazarLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/cac07a4582d6/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.17
Link:
https://yomi.yoroi.company/submissions/cac07a4582d65b74322168e6aed9d7fd05e59e335fb7d1cdb7b5f7149a07d3eb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

BazaLoader

Executable exe cac07a4582d65b74322168e6aed9d7fd05e59e335fb7d1cdb7b5f7149a07d3eb

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1084700/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1084704/
  
URLhaus
https://urlhaus.abuse.ch/url/1084706/
  
URLhaus
https://urlhaus.abuse.ch/url/1084708/
  
URLhaus
https://urlhaus.abuse.ch/url/1084731/
  
URLhaus
https://urlhaus.abuse.ch/url/1084775/
Cape
Cape
https://www.capesandbox.com/analysis/126385/

Comments