MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dc65156bfa6da463f9eb980c3a551ba0cd494b53a55b3a2e9b41c766ca3c011c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DBatLoader


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dc65156bfa6da463f9eb980c3a551ba0cd494b53a55b3a2e9b41c766ca3c011c
SHA3-384 hash: 60fe49e909010a7d2cdf4d27706de98e60b8be4ebf59ab4384aae29d0a318d360c81b47b03532a7ee212c90e97ed8a7d
SHA1 hash: 3a85cf4da60d6c87cb075c27d5323f7001081680
MD5 hash: d7005d5e19d1c0beaf900f13bb547f79
humanhash: nebraska-gee-lamp-mockingbird
File name:PO1502.exe
Download: download sample
Signature DBatLoader
Create hunting rule
File size:1'069'568 bytes
First seen:2022-02-07 15:26:55 UTC
Last seen:2022-02-07 18:56:37 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b8291d27d1843f891720ab7e926d8c23 (3 x DBatLoader, 2 x Loki, 2 x Formbook)
ssdeep 24576:btrSRiVHy+BOAgsA/zbnLkzY17MNlprv:b3M3XgzmYfF
Threatray 11'561 similar samples on MalwareBazaar
TLSH T18B357C62F781583ED21725345C2BD6A4A9197EB03D2CE9863FE47D082E35341B936EE3
File icon (PE):PE icon
dhash icon 74e4d4d4ecf4d4d4 (23 x GuLoader, 20 x LummaStealer, 19 x AgentTesla)
Reporter GovCERT_CH
Tags:DBatLoader exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
116
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/235963/
Detection(s):
SecuriteInfo.com.Artemis5D5866815F00.22073.20754.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a window
DNS request
Sending a custom TCP request
Creating a file
Launching a process
Searching for synchronization primitives
Sending an HTTP GET request
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Unauthorized injection to a system process
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/6267/overview
Behaviour
MalwareBazaar
CheckScreenResolution
CheckCmdLine
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
control.exe keylogger replace.exe
Link:
https://www.filescan.io/uploads/62013a4b4077c8b9a01b92f8/reports/556d1794-bb8d-48ca-b7d0-5fc295714f54/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/b209e885-8b1a-4b1c-bd75-9f64167b55a7
Result
Threat name:
DBatLoader FormBook
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/935333
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dc65156bfa6da463f9eb980c3a551ba0cd494b53a55b3a2e9b41c766ca3c011c/
Threat name:
Win32.Trojan.FormBook
Create hunting rule
Status:
Malicious
First seen:
2022-02-07 09:19:59 UTC
File Type:
PE (Exe)
Extracted files:
136
AV detection:
19 of 27 (70.37%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3rsrk272nwsgh6pltagduvi3udguss2tuvntulu3ihdwnsr4aeoa._file
Verdict:
malicious
Label(s):
formbook
Create hunting rule
Similar samples:
074991cefc03a7683cb3c81e83c383010f45c130fdc6dafa13469bfffaf87867
DBatLoader
0a223aa68af0c2af0baabda61d82748629078720a017ef4836f3322a76cb691a
DBatLoader
0abec9fa236e37269a9bf904a27b2a2650bea8a5b81fcdbed6a1c5b5f37218cf
DBatLoader
4877dd469af0e1ac31efa295325a3024d10abdc0a7eeaf74fe5b4eb9d0518bd9
DBatLoader
527036f9e449de86dc23ca03f80ea7da2d0ee7d7752203bbfad4ffb9237a19a8
DBatLoader
b1e2238ed835357f061456c7a38d0620cef8b78f0e1a9856133cc5b2805e0ed1
DBatLoader
c180bb8451472fc5931d0dc3aac6ef18ca417665b958d1480dd0787ba3de238a
DBatLoader
+ 11'551 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/220207-svrn6sdha6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
dc65156bfa6da463f9eb980c3a551ba0cd494b53a55b3a2e9b41c766ca3c011c
MD5 hash:
d7005d5e19d1c0beaf900f13bb547f79
SHA1 hash:
3a85cf4da60d6c87cb075c27d5323f7001081680
Link:
https://www.unpac.me/results/e00628ea-db0e-403a-afde-517364d04bd1/
Malware family:
XLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/dc65156bfa6d/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

DBatLoader

Executable exe dc65156bfa6da463f9eb980c3a551ba0cd494b53a55b3a2e9b41c766ca3c011c

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/235963/

Comments