MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f29253139dab900b763ef436931213387dc92e860b9d3abb7dcd46040ac28a0e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BazaLoader

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	f29253139dab900b763ef436931213387dc92e860b9d3abb7dcd46040ac28a0e
SHA3-384 hash:	f4281f975bc2b377a27131db3416102004639e4957bba3b89a181023914c1d87c52505bb158238b5b9bd8f30a38942c0
SHA1 hash:	4543e6da0515bb7d93e930c9f30e40912d495373
MD5 hash:	7e8eddaef14aa8de2369d1ca6347b06d
humanhash:	mississippi-cardinal-asparagus-sad
File name:	2_unk_180004000.bin
Download:	download sample
Signature	BazaLoader Create hunting rule
File size:	91'136 bytes
First seen:	2021-01-23 13:46:23 UTC
Last seen:	2021-01-23 15:51:32 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f9ade0aa18f660a34a4fa23392e21838 (9 x DarkSide, 3 x BazaLoader, 2 x ShikataGaNai)
ssdeep	1536:utcbOLowTKEigLDQh4fHSQHNQC4y82MT89mytezfPUv:utfspn2D/S2W68wmMeI
Threatray	5 similar samples on MalwareBazaar
TLSH	97932915B2D843B5F88696B533EE46E4E4FB376A157DBF3742A0D1223214E201E8F61E
Reporter	johannes
Tags:	BazaLoader BazarLoader

Intelligence

File Origin

# of uploads :

2

# of downloads :

417

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

2_unk_180004000.bin

Verdict:

No threats detected

Analysis date:

2021-01-23 13:47:29 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/66051d4f-56ec-432f-9295-921dde004603

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/113627/

Detection(s):

SecuriteInfo.com.Variant.Bulz.163525.26583.31273.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a UDP request

DNS request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Bazar Loader

Detection:

malicious

Classification:

troj.spyw.evad

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/588865

Signature

Delayed program exit found

Detected Bazar Loader

Multi AV Scanner detection for submitted file

Tries to resolve many domain names, but no domain seems valid

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f29253139dab900b763ef436931213387dc92e860b9d3abb7dcd46040ac28a0e/

Threat name:

Win64.Trojan.Wacatac

Status:

Malicious

First seen:

2021-01-23 13:47:04 UTC

AV detection:

9 of 28 (32.14%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

35683ac5bbcc63eb33d552878d02ff44582161d1ea1ff969b14ea326083ea780

3941242436e943fbfb7b1767aa2615bcc5637da3d939d3b06a1572de8bf044a1

52e72513fe2a38707aa63fbc52dabd7c7d2c5809ed7e27f384315375426f57bf

8e244f1a5b4653d6dbb4cc3978c7dd773b227a443361fbc30265b79f102f7eed

c0a087a520fdfb5f1e235618b3a5101969c1de85b498bc4670372c02756efd55

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/210123-arrfqr4bb2/

Behaviour

Suspicious behavior: EnumeratesProcesses

Blocklisted process makes network request

Unpacked files

SH256 hash:

f29253139dab900b763ef436931213387dc92e860b9d3abb7dcd46040ac28a0e

MD5 hash:

7e8eddaef14aa8de2369d1ca6347b06d

SHA1 hash:

4543e6da0515bb7d93e930c9f30e40912d495373

Link:

https://www.unpac.me/results/1b958ed0-8a96-423b-8607-8e80c20150fc/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.39

Link:

https://yomi.yoroi.company/submissions/f29253139dab900b763ef436931213387dc92e860b9d3abb7dcd46040ac28a0e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

exe c0a087a520fdfb5f1e235618b3a5101969c1de85b498bc4670372c02756efd55

exe f29253139dab900b763ef436931213387dc92e860b9d3abb7dcd46040ac28a0e

(this sample)

Malpedia

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.bazarbackdoor

Dropped by

SHA256 c0a087a520fdfb5f1e235618b3a5101969c1de85b498bc4670372c02756efd55

Cape

Cape

https://www.capesandbox.com/analysis/113627/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample