MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e192593ff1df7a3d24cc9463fdcde0b39b49a26816da608d50960da3131e2e36. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BazaLoader

Vendor detections: 7

SHA256 hash: e192593ff1df7a3d24cc9463fdcde0b39b49a26816da608d50960da3131e2e36
SHA3-384 hash: 8149d36cd37b3cd0aadf8a8471effb69ce30ae8cbab6ae8d78e584c70f948d2203d7a745b2d7449f05028db87d3323ff
SHA1 hash: bd224225099626d3af8e38915365f91f9f52d505
MD5 hash: 869f280d62ffbc75bd140a75b01cf545
humanhash: london-london-echo-louisiana
File name: Attachments_1.dll
Signature: BazaLoader
File size: 228'864 bytes
First seen: 2021-11-16 11:22:25 UTC
Last seen: 2021-11-16 18:30:03 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 9e9b9dc9a1d7fc9680151ec542607c93 (6 x BazaLoader)
ssdeep: 6144:As82i/2d9pkzFbJzhbGtsExVUsaxcX2/D:AsNd9paTUjvUsaH
Threatray: 27 similar samples on MalwareBazaar
TLSH: T14324BF5B73E501BBE8775335C9A34A16FB3678110B219ABF07A403366E1B7E05D3AB21
Reporter: JAMESWT_WT
Tags: BazaLoader exe

Intelligence

File Origin
# of uploads: 3
# of downloads: 115
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:
Behaviour: Sending a UDP request
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware packed
Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Generic Malware
Verdict: Malicious
Result
Threat name: Unknown
Detection: malicious
Classification: evad.troj
Score: 72 / 100
Signature
Creates an autostart registry key pointing to binary in C:\Windows
Multi AV Scanner detection for submitted file
Sigma detected: UNC2452 Process Creation Patterns
Uses cmd line tools excessively to alter registry or file data
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Behaviour graph (ID 522781; sample Attachments_1.dll; start date 16/11/2021; architecture WINDOWS; score 72), flattened here into a process tree, with the signatures the sandbox attached to each node in brackets:

Attachments_1.dll  [Multi AV Scanner detection for submitted file; Sigma detected: UNC2452 Process Creation Patterns]
  loaddll64.exe
    cmd.exe  [Uses ping.exe to sleep; Uses cmd line tools excessively to alter registry or file data; Uses ping.exe to check the status of other devices and networks]
      rundll32.exe
        cmd.exe  [Uses ping.exe to sleep]
          rundll32.exe
            cmd.exe  [Uses cmd line tools excessively to alter registry or file data]
              reg.exe  [Creates an autostart registry key pointing to binary in C:\Windows]
              conhost.exe
            cmd.exe
              rundll32.exe
              conhost.exe
              choice.exe
          PING.EXE -> 192.0.2.6 (unknown, Reserved)
          conhost.exe
    rundll32.exe
      cmd.exe
        rundll32.exe
          cmd.exe  [Uses cmd line tools excessively to alter registry or file data]
            conhost.exe
        conhost.exe
        choice.exe
    rundll32.exe
    6 other processes
  rundll32.exe
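The chain the sandbox flagged (cmd.exe driving ping.exe against 192.0.2.6 as a delay, then reg.exe writing a Run key whose value points into C:\Windows) is cheap to turn into a process-creation detection. The Python below is an added example written for this page; it is not MalwareBazaar's or the sandbox vendor's code. The events it runs over are constructed Sysmon-style records with invented command lines (the -n counts, the Run value name "Updater" and the /d path are assumptions, not the sample's real arguments), and the five-echo threshold is an assumed tuning value. 192.0.2.0/24 is the RFC 5737 TEST-NET-1 documentation range, so a ping there never gets a reply and the command lasts roughly one echo-timeout per requested echo, which is why it serves as a sleep.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed Sysmon-style process-creation records (ParentImage|Image|CommandLine).
# The command lines are invented for illustration; they are NOT the real
# command lines from the Attachments_1.dll sandbox run.
SAMPLE_EVENTS = """\
C:\\Windows\\System32\\cmd.exe|C:\\Windows\\System32\\PING.EXE|ping -n 30 192.0.2.6
C:\\Windows\\System32\\cmd.exe|C:\\Windows\\System32\\PING.EXE|ping -n 2 10.0.0.5
C:\\Windows\\System32\\cmd.exe|C:\\Windows\\System32\\reg.exe|reg add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v Updater /t REG_SZ /d "C:\\Windows\\Attachments_1.dll" /f
C:\\Windows\\System32\\cmd.exe|C:\\Windows\\System32\\reg.exe|reg query HKLM\\SYSTEM\\CurrentControlSet\\Services /s
C:\\Windows\\System32\\cmd.exe|C:\\Windows\\System32\\choice.exe|choice /t 15 /d y /n
C:\\Windows\\explorer.exe|C:\\Windows\\System32\\PING.EXE|ping -n 4 8.8.8.8
"""


@dataclass
class Event:
    parent: str
    image: str
    cmdline: str


def parse_events(text):
    """Parse the pipe-separated records into Event objects."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parent, image, cmdline = line.split("|", 2)
        events.append(Event(parent, image, cmdline))
    return events


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


# Targets that never answer in a useful way: loopback and the RFC 5737
# documentation ranges (192.0.2.6 from the tree above is TEST-NET-1).
# Pinging them with a large -n count is a sleep without calling Sleep().
UNREACHABLE_TARGETS = [ipaddress.ip_network(n) for n in
                       ("127.0.0.0/8", "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]
PING_SLEEP_MIN_COUNT = 5          # assumed threshold; tune per environment
PING_COUNT = re.compile(r"-n\s+(\d+)", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?(\\|\s|$)", re.I)
REG_DATA = re.compile(r'/d\s+(?:"([^"]*)"|(\S+))', re.I)


def _ping_target(cmdline):
    """Return the first token of the command line that parses as an IP address."""
    for tok in cmdline.split():
        try:
            return ipaddress.ip_address(tok)
        except ValueError:
            continue
    return None


def ping_sleep(ev):
    """cmd.exe -> ping.exe with a large -n count against an unreachable host."""
    if _basename(ev.parent) != "cmd.exe" or _basename(ev.image) != "ping.exe":
        return False
    m = PING_COUNT.search(ev.cmdline)
    count = int(m.group(1)) if m else 4       # Windows ping sends 4 echoes by default
    target = _ping_target(ev.cmdline)
    if target is None or count < PING_SLEEP_MIN_COUNT:
        return False
    return any(target in net for net in UNREACHABLE_TARGETS)


def autostart_run_key(ev):
    """reg.exe add ...\\CurrentVersion\\Run whose data points at a file under C:\\Windows."""
    if _basename(ev.image) != "reg.exe":
        return False
    tokens = ev.cmdline.split()
    if len(tokens) < 2 or tokens[1].lower() != "add" or not RUN_KEY.search(ev.cmdline):
        return False
    m = REG_DATA.search(ev.cmdline)
    if not m:
        return False
    data = (m.group(1) or m.group(2)).lower()
    return data.startswith("c:\\windows\\")


# choice.exe /t is another delay primitive and appears in the tree above, but
# the sandbox attached no signature to it, so it is deliberately not a rule here.
RULES = (("ping_sleep", ping_sleep), ("autostart_run_key", autostart_run_key))


def detect(events):
    """Return (rule_name, command line) for every event that matches a rule."""
    return [(name, ev.cmdline) for ev in events for name, rule in RULES if rule(ev)]


if __name__ == "__main__":
    for name, cmdline in detect(parse_events(SAMPLE_EVENTS)):
        print(f"{name}: {cmdline}")
```

Run as-is it reports only the 30-echo ping to 192.0.2.6 and the Run-key write; the two-echo ping to an internal host, the reg query, the choice.exe delay and the ping launched from explorer.exe all pass. In production, feed it Sysmon Event ID 1 records and treat both rules firing under the same cmd.exe/rundll32.exe ancestry as the higher-confidence signal, since either alone also occurs in benign admin scripts.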
Result
Threat name: Win64.Trojan.BazarLoader
Status: Malicious
First seen: 2021-11-16 11:23:13 UTC
AV detection: 18 of 28 (64.29%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SHA256 hash: e192593ff1df7a3d24cc9463fdcde0b39b49a26816da608d50960da3131e2e36
MD5 hash: 869f280d62ffbc75bd140a75b01cf545
SHA1 hash: bd224225099626d3af8e38915365f91f9f52d505
(These are identical to the submitted file's hashes, so no distinct unpacked payload was recorded for this sample.)
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments