MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ed1d279d93f8882f951b4e4a072ca919b5d9b42b8f83da74c8ad2ceb4cf0f634. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DBatLoader

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	ed1d279d93f8882f951b4e4a072ca919b5d9b42b8f83da74c8ad2ceb4cf0f634
SHA3-384 hash:	80082addb5ea78249bf33eb73a01c03f66eb39258c435de15e8bf038cedc92f5d868457139257366412a37a9663ca2e7
SHA1 hash:	03d5c24fa436d048b5c951d0f9293cfedaa2dac2
MD5 hash:	35691e5d0b01ae7fd6eac8ec9f99ba7d
humanhash:	massachusetts-bakerloo-fruit-tennis
File name:	DHL AWB TRACKING DETAILS.exe
Download:	download sample
Signature	DBatLoader Create hunting rule
File size:	1'062'988 bytes
First seen:	2021-12-06 11:31:27 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	63129113d28408f1ff3b0b14b238be7d (2 x Formbook, 2 x RemcosRAT, 1 x DBatLoader)
ssdeep	12288:IZLuO0wmv2pdKSKVLmbPy7PXjW1ebIrUxhmKQHwy22NwtIKmmTIy7hdFRcqz:4CRv2pvAmbPy7PaYbIryhmNgtIKuW5
Threatray	1 similar samples on MalwareBazaar
TLSH	T199359D3572A0D873C13B06B8CD57E7E41825FF216A54DE8B3AF57C8E1EB5690B816283
Reporter	abuse_ch
Tags:	DBatLoader DHL exe

Intelligence

File Origin

# of uploads :

# of downloads :

165

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

DHL AWB TRACKING DETAILS.exe

Verdict:

Suspicious activity

Analysis date:

2021-12-06 11:37:46 UTC

Tags:

installer

Link:

https://app.any.run/tasks/1f17769c-184e-4ca3-a9c4-83c7eb10f479

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/211744/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Сreating synchronization primitives

Creating a window

DNS request

Sending a custom TCP request

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/1074/overview

Behaviour

CheckScreenResolution

CheckCmdLine

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-debug anti-vm greyware keylogger overlay

Link:

https://www.filescan.io/uploads/61adf4b6fa72c81b5b0e4762/reports/74bdd000-844d-45ea-94c1-72717708eb38/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/32f1f028-714b-4976-b3c5-c7b896e8e1f4

Result

Threat name:

DBatLoader

Detection:

malicious

Classification:

troj

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/902201

Signature

Yara detected DBatLoader

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ed1d279d93f8882f951b4e4a072ca919b5d9b42b8f83da74c8ad2ceb4cf0f634/

Threat name:

Win32.Trojan.Delf

Status:

Malicious

First seen:

2021-12-06 11:32:17 UTC

File Type:

PE (Exe)

Extracted files:

117

AV detection:

20 of 28 (71.43%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=5uosphmt7cec7fi3jzfaolfjdg25tnblr6b5u5givuwowthq6y2a._file

Verdict:

malicious

DBatLoader

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/211206-nna1magge3/

Unpacked files

SH256 hash:

1b7543f01e0905aad968e37baccbf702cac518496b11deecc3512c205df0dbe6

MD5 hash:

355d5d8a066c9b9296e54b6bbfa25412

SHA1 hash:

839eb5cc659aec1f09779ae374aa941bcb622b66

Detections:

win_temple_loader_w0

Link:

https://www.unpac.me/results/44b0637c-73a7-4b84-ba4f-b9ef683fa2c4/

Parent samples :

ed1d279d93f8882f951b4e4a072ca919b5d9b42b8f83da74c8ad2ceb4cf0f634
c7a89255767729cc8f5dbd610779baac706af799ccbb1a4945c55a77632e671c
af2a8024939f13bee37b6d3a35aa5df93e2a6b11cede4bea19493c4d704b050f
78900ed7307ae31ad9b74204fd8e4798b01a6b7bc593e70d4a7aaab7ab1b2b95
9936a6bda8c332e2aec071444db5f68e1b34745412158cad8394ceb3c80d36ee
016995a4b65533b314b70ebab42fb3c6dee830dff7a7261080f6e743da562b9a
34c093aa616e9e574f2ae88bc1fe3dd818200b0586ed20945147a7fb6848dfd8
8c9f7973d30b69a406f5169bf847212c11d275a96b348137c447cea3089a58a9
f6d0fdcf620ebd3b483c6dd7e9bc7bea2f9acca8d34eb7b84ebaf457671fd758
9e1f83813953f38ebc2e39ec795b85cc808e6f5cb36ea8b3a25e7eddb3cf429b
db5b52f3949ca7cb29e009535f1d2021b0f24b4e114717a20e86869abae48850
9a63e8c9e7bfb45eb903482e3ba9ed3f3d64db90b62f13355dff1a5ed5d2376d
c3e06052cbfbbf225d9d3052bb3478e1c72111d4cb18240806f32f517be86b3f
baccd3d2cd02286e08b6739dfc786f67bd64b5da6bfca6ba93ddf21f8e9d8359
9685ed86f91fd0a3c20c5badbf361475fa0316f365a35d352e8e1caff333890f
309ca816bed485731d7702c80339e6b5d209618888ea92a972a7189ed1102518
34fcac5d4cf2062249f369fda6ae1932ac41655890da91f02bc304afe3706e86
a78e89ef2769dd705ce27a6b5876ca2fdc5a5aa078ff9a4d86f186d4bb6edce8
85dca30464e5d239a82140c6611e7d9d2e4e8a7400c869c36c3c4999a0b221dc
2cbccb76adf567a82d9d6fcbf7a6c02bce157e1870df149af7391b20b9fdc672
1fc74504d626223335f39e10435bd3366bc5533619e8e7713e2a48eadd4dc26a
7cf3410e13c13eb9cdfb1fa3df95f643bfbf7b55f5de595353205b4c44b84c5d
4afefb73e99678c987858f79095a203a3df18eeeb0fe7b59571325613f4a3dd1
10f5584682c3f5d54ba1e3afd68822c81e8234531c8b1a41e11774b980915c72
b59a94fa3d43aaa64ce137a035dc166ff2226e9113decc5b24b120f0309a6c7d
b7a6d7f4d15e42eb71836dc7372f48654462c7752d015513232346f0af92f81e
1bc95ae62d31b8b9c4a34c80049f693cb31199e768af6ac4a33fe082b34209a7
8b94dbe71305cc3e5a3963757e03e6344402b9f7babb373df3d80a90e0e4d1e2
9e303489b6a886ee967ace328a26749db9664604ab638e544e260918044b21de
47576aba2a25e4b969ccd69eec27646901c41aa4d9efd6127aac9c5016568048
640fee8437e46c9ccd7ffa3b170e2bde1b5f1bcf4b13fdb5a7c67098814ff0cb
e3c4caeafd8e19662239571bd3eee795d2ffb003953ce5eb06026a1be72b32e0
be518dfc7bbd3b6b298897a86dde6242a186f613e9930f2c49f6704de37ac4a3
a90bba267082093022d3ed1685f7a9e91a2f1d384f85dc2883caecd4fd3eb505
ed063e69d7a5b6e0d14d81df38a1ec039788191dea6bd072aa573bfa90594899
764b532b622894b7ec4590c2868e0a3e0b9e58eca72251b012c6ae4c5639971f
3a7a42d1cb828cdb0f1ea382a8859052b7862414cdb3a5e2d623e922d4d00485
0fc54d55d3cb27bf5ec3c09325478deeebc49ff858fd7f413a62fb949b7a9666
2240e1501c44abd572464704dbeab4984f8d9d6811a2401b831a6255f03e6587
ef50c5943a01eb155acc81b7a4de6749ec5e438666bedc6be95f42ad92bb7c36
a3c386096f6c478045ba6190d68a6591322ec9d4e480b900d3e7ef88e1622751

SH256 hash:

ed1d279d93f8882f951b4e4a072ca919b5d9b42b8f83da74c8ad2ceb4cf0f634

MD5 hash:

35691e5d0b01ae7fd6eac8ec9f99ba7d

SHA1 hash:

03d5c24fa436d048b5c951d0f9293cfedaa2dac2

Link:

https://www.unpac.me/results/44b0637c-73a7-4b84-ba4f-b9ef683fa2c4/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/ed1d279d93f8882f951b4e4a072ca919b5d9b42b8f83da74c8ad2ceb4cf0f634

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

DBatLoader

exe ed1d279d93f8882f951b4e4a072ca919b5d9b42b8f83da74c8ad2ceb4cf0f634

(this sample)

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/211744/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample