MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e2f841e134c1c15f08e3d2657a73f27dbcfed3294c51fa6937c0e2d434052b4e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DBatLoader


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e2f841e134c1c15f08e3d2657a73f27dbcfed3294c51fa6937c0e2d434052b4e
SHA3-384 hash: 78c5fab1b8fdbcac7ddfa257c4b71c8e1d38ef59b41d080bd1a74396575f7fc2415d1c7838ac7910d365f1609a3ae2f5
SHA1 hash: f80add636b00c8e7b9e8c085f669f788f9005af4
MD5 hash: fd503b91517e78e857d581e52074671e
humanhash: speaker-ten-early-muppet
File name:Yeni sifaris.exe
Download: download sample
Signature DBatLoader
Create hunting rule
File size:641'024 bytes
First seen:2022-08-04 15:13:07 UTC
Last seen:2022-08-08 08:07:46 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 286be9e4f8d73c89ffb2aff3a4427b53 (9 x DBatLoader, 1 x AveMariaRAT)
ssdeep 12288:F+xn0/znwyVdboAk2SE+BOx7o1sf6hm7fWzHyW+K:w07nxdb7k2SnB2o1A6hsaSPK
Threatray 46 similar samples on MalwareBazaar
TLSH T1C4D46A69E29045B2D9631A788D066660E81FBD412D3C548B6BEC3ECD6F7B7D0352B383
TrID 26.5% (.EXE) Win32 Executable Delphi generic (14182/79/4)
24.5% (.SCR) Windows screen saver (13101/52/3)
19.7% (.EXE) Win64 Executable (generic) (10523/12/4)
8.4% (.EXE) Win32 Executable (generic) (4505/5/1)
5.6% (.MZP) WinArchiver Mountable compressed Archive (3000/1)
File icon (PE):PE icon
dhash icon 73b0d4d6c6d430b3 (9 x DBatLoader, 1 x AveMariaRAT)
Reporter malwarelabnet
Tags:DBatLoader exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
448
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Yeni sifaris.exe
Verdict:
Malicious activity
Analysis date:
2022-08-04 15:15:25 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/91821eaa-c6db-4dc4-88ca-f647bc371079

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/296517/
Detection(s):
PUA.Win.Packer.BorlandDelphi-15
Create hunting rule

SecuriteInfo.com.W32.AIDetect.malware2.10837.19384.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a window
DNS request
Sending a custom TCP request
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Searching for the window
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
keylogger
Link:
https://www.filescan.io/uploads/62ebe27bbcf76fcb6ce494ee/reports/705bfb73-6261-4531-bcd8-8b3e064676e7/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4503ca95-9a03-4b18-94cb-fdeee7fe957f
Result
Threat name:
DBatLoader
Create hunting rule
Detection:
malicious
Classification:
troj.expl
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1046348
Signature
Multi AV Scanner detection for submitted file
Yara detected DBatLoader
Yara detected UAC Bypass using ComputerDefaults
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e2f841e134c1c15f08e3d2657a73f27dbcfed3294c51fa6937c0e2d434052b4e/
Threat name:
Win32.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2022-08-04 06:37:21 UTC
File Type:
PE (Exe)
Extracted files:
23
AV detection:
21 of 26 (80.77%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4l4edyjuyhav6chd2jsxu47spw6p5uzjjri7u2jxydrninaffnha._file
Verdict:
malicious
Similar samples:
1d4f1e01cbbd896a55a83dd107e381fe0a572bd2c9327cbb82a9510eb4832e99
DBatLoader
33ea02b92678e7c73d8f65dc81d76733fe0ce94b9c9b22ebe216132a0986436f
DBatLoader
5f1af4c3e78da3ddb14c4a0788516a185680a18f75d937fd168eb31acb02426c
DBatLoader
609c35ef7a3f6b8baa6219b1f4c46d2f763f4cf7261abd65aa0ab07d429aca34
DBatLoader
88feac36d272543567fa2c4a9a055bc5d875c0bd3e6e2245f6c06fdb42c4cf59
DBatLoader
983801eaacc07639df1f10a1761c8302286847a0aec503a5ae72e9aec2f9028a
DBatLoader
a3792b703dde1aa5a935183c6696ce91cdea54579e9045b55848df91e6b312f9
DBatLoader
b31cde99f0850f6f1e87ff1cb15014a26d87a22aed1e63c2bcfe423bc377dfd7
DBatLoader
c2b2e774a10f9b1de9375018b051a0a898bf90065d49a0d716de4bcfefd9abe5
DBatLoader
ceea761a0d3121215b4ddd3c0916eb63345395f0fd09e8449bd85a4a84e50272
DBatLoader
+ 36 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/220804-smbmzshcfm/
Behaviour
Program crash
Unpacked files
SH256 hash:
530b512844e279b34bc64adf339e9e5cdacc4d782624643a1c8254dc911878cc
MD5 hash:
86042406b67b22e834bcd1a7cd7ebdd1
SHA1 hash:
5c17cfaa8cc413e95d3b6afc912ae418c48fb465
Detections:
win_dbatloader_g1
Create hunting rule
Link:
https://www.unpac.me/results/b5e490d2-d1a5-4c5f-8f97-eba120f0a078/
Parent samples :
5f1af4c3e78da3ddb14c4a0788516a185680a18f75d937fd168eb31acb02426c
c2b2e774a10f9b1de9375018b051a0a898bf90065d49a0d716de4bcfefd9abe5
e2f841e134c1c15f08e3d2657a73f27dbcfed3294c51fa6937c0e2d434052b4e
SH256 hash:
e2f841e134c1c15f08e3d2657a73f27dbcfed3294c51fa6937c0e2d434052b4e
MD5 hash:
fd503b91517e78e857d581e52074671e
SHA1 hash:
f80add636b00c8e7b9e8c085f669f788f9005af4
Link:
https://www.unpac.me/results/b5e490d2-d1a5-4c5f-8f97-eba120f0a078/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/e2f841e134c1c15f08e3d2657a73f27dbcfed3294c51fa6937c0e2d434052b4e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/296517/

Comments