MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d7d8683f4534ce4888d12821ce5034b73de42cc5c00f088231d9825809307ea8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BazaLoader

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	d7d8683f4534ce4888d12821ce5034b73de42cc5c00f088231d9825809307ea8
SHA3-384 hash:	adae2dd162fab469546a3440d99f70342e1d0ba82c3156bf8ca922b6369fd03d3b906a69925e55eaac6990aff4795b86
SHA1 hash:	f3c32d21906217912a1efc1f905cccc02d8ce30f
MD5 hash:	465fb3d24617ccd418f0c2ef51b3e783
humanhash:	pip-fourteen-lake-texas
File name:	sts.exe
Download:	download sample
Signature	BazaLoader Create hunting rule
File size:	707'584 bytes
First seen:	2020-10-26 20:40:06 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	b5259597cf0c8e22171973702c787aef (1 x BazaLoader)
ssdeep	12288:6Jje5ftkP0GeNlbuK+UzyoRDKVfOTLGMoBOepeO/6YoKltmHEnouU414MQ9tW:6Fetty0FyUzyWmVfGLGL653Fi
Threatray	57 similar samples on MalwareBazaar
TLSH	68E4AE02F96380D4E4F5C67956B2B521B9723D06C934BBCE872412671F30BE4A6EE739
Reporter	James_inthe_box
Tags:	BazaLoader exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

101

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Bazar

Link:

https://www.capesandbox.com/analysis/79555/

Detection(s):

Win.Malware.Razy-9778090-0

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a UDP request

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/512819

Signature

Contains functionality to inject code into remote processes

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d7d8683f4534ce4888d12821ce5034b73de42cc5c00f088231d9825809307ea8/

Threat name:

Win64.Trojan.Wacatac

Status:

Malicious

First seen:

2020-10-26 20:39:42 UTC

File Type:

PE+ (Exe)

AV detection:

22 of 29 (75.86%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=27mgqp2fgthercgrfaq44ubuw466ilgfyahqrarr3gbfqcjqp2ua._file

Verdict:

suspicious

Similar samples:

093f2b5a9d4628d9331751d7e6d3582cf097ab3f4091463ec895052dee8d22c3

177b312a0c7c2d03be3b2916505fb3e9fdefe785330c74ac29e89cb22656367e

725d48df047fa6420ac78350a0023bdc160ae42463544f787b188ca36697965a

a28cead812579eacf8d58be5b5ee55adc18409499108d4f5cc98acbf92c87531

a3b2528b5e31ab1b82e68247a90ddce9a1237b2994ec739beb096f71d58e3d5b

b5f8f3ecbf1f2276024ac2590a3ab257e9aacd9a773b6cb44af57776a8a1fc1e

c81fe7326d72e662a185c7bccb19bd31481ffdf53ef0fb1019027d9d16e5a9d9

cae79d8ceb527eb8367b1df9e916718e4329d2768ed0b7e61f7c406af9d21f31

e87a3aade32a0e9b09eede42d6e59ee32646adb37da99f8ae730f35582f65dc2

f5d920482e18df058cc0848a4e96d06af5322c05b3b61d3cf05800ab345d3edf

+ 47 additional samples on MalwareBazaar

Result

Malware family:

bazarbackdoor

Score:

10/10

Tags:

backdoor family:bazarbackdoor

Link:

https://tria.ge/reports/201026-7kpr7dnds6/

Behaviour

BazarBackdoor

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Cape

Cape

https://www.capesandbox.com/analysis/79555/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample