MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cd18e2bebc72f731a5dbe0588ab3633b0421f45fa205cbb674f231d56f4a4e5a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BazaLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cd18e2bebc72f731a5dbe0588ab3633b0421f45fa205cbb674f231d56f4a4e5a
SHA3-384 hash: a2d3428c9e32e4587fced03222f0a8768001667a7b0344020407360632e579bbf4e7a1ea6f31651ac67a49ea71726deb
SHA1 hash: d0f82e46e869f59b6127aa7d239a392019c35e88
MD5 hash: 64a5774048b74fc220ddfd6dc411a48d
humanhash: maine-oregon-glucose-georgia
File name:64a5774048b74fc220ddfd6dc411a48d.dll
Download: download sample
Signature BazaLoader
Create hunting rule
File size:349'322 bytes
First seen:2021-10-22 10:06:14 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8fc81352ac718681e376edb5b78a04b3 (5 x BazaLoader)
ssdeep 6144:u55lc2c9mVV7pM3RRVru0hoy4Ip9b/mOawHSjQ5:u555c9A2DVru0hoy3p9SVjo
Threatray 61 similar samples on MalwareBazaar
TLSH T1C7746CA1A5D13990E9C2D87E861BB372EA4B54332FA1E0C271A70BD3452F4D5DF52E23
Reporter abuse_ch
Tags:BazaLoader BazarBackdoor BazarLoader dll exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
253
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/199347/
Detection(s):
SecuriteInfo.com.Suspicious.Win32.Save.a.18022.2906.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
overlay
Link:
https://www.filescan.io/uploads/61728d46db358dd15ed3777e/reports/046c3199-6856-40e4-884b-220b469688a5/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/e1011a09-6243-4d62-b8f2-36c603a2fc3f
Result
Threat name:
Bazar Loader
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/875163
Signature
Allocates memory in foreign processes
Detected Bazar Loader
Injects a PE file into a foreign processes
Modifies the context of a thread in another process (thread injection)
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cd18e2bebc72f731a5dbe0588ab3633b0421f45fa205cbb674f231d56f4a4e5a/
Threat name:
Win64.Trojan.AgentAGen
Create hunting rule
Status:
Malicious
First seen:
2021-10-22 02:18:00 UTC
AV detection:
9 of 28 (32.14%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zumofpv4ol3tdjo34bmivm3dhmccd5c7uic4xntu6iy5k32kjzna._file
Verdict:
malicious
Similar samples:
081409dbf0464baad30442d3f8cea67c885e15e438b0f6dbf9c64da67620eaa1
BazaLoader
1298c6133f76de5491828ab2eac13325c21249a1329c971f6b60e7ed85827280
BazaLoader
4a3dc99f99af4f2d8bd707a4163886df47cbdf6934856c416785010334412043
BazaLoader
7fbde30e24755e328101e5705cfd1673dc8653ec17fe23fbbccb21b2accc66bd
BazaLoader
aa2cb7c438568cb9baf184532b6bda4677cd3bb9f22f8d3e65e22588eeace26f
BazaLoader
bf58ef24dd79c02522163be7d8e523cecb2be8daf30e98fd6673d583cbc9e74b
BazaLoader
e31898f207733cf33a6f951d8337d6cd303334a9df95956686657e3f13436ae8
BazaLoader
e36d3891436038b678aae50859a8bca3c50989deea07b8776c3927e76ad57c1d
BazaLoader
f29dbde41d19fa55ca3cd077df6833441aca6df5f1cfccbca9ed9554214263da
BazaLoader
+ 51 additional samples on MalwareBazaar
Result
Malware family:
bazarloader
Create hunting rule
Score:
  10/10
Tags:
family:bazarloader dropper loader
Link:
https://tria.ge/reports/211022-l5mdwabea2/
Behaviour
Bazar/Team9 Loader payload
Bazar Loader
Unpacked files
SH256 hash:
cd18e2bebc72f731a5dbe0588ab3633b0421f45fa205cbb674f231d56f4a4e5a
MD5 hash:
64a5774048b74fc220ddfd6dc411a48d
SHA1 hash:
d0f82e46e869f59b6127aa7d239a392019c35e88
Link:
https://www.unpac.me/results/3c0f55bf-66ba-4988-a388-9ecfac913557/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.14
Link:
https://yomi.yoroi.company/submissions/cd18e2bebc72f731a5dbe0588ab3633b0421f45fa205cbb674f231d56f4a4e5a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

BazaLoader

Executable exe cd18e2bebc72f731a5dbe0588ab3633b0421f45fa205cbb674f231d56f4a4e5a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1705730/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/199347/

Comments