MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f3eed67f2ce421acee035ac4b3eeaa02fc548a485882c573d671355dfcf03a8a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DBatLoader

Vendor detections: 12

Intelligence 12 IOCs YARA File information Comments

SHA256 hash:	f3eed67f2ce421acee035ac4b3eeaa02fc548a485882c573d671355dfcf03a8a
SHA3-384 hash:	64b0ac2c9823cfd7618e5ef31abe2332e8e6572713034f5477530b443787670ce26e0b5d653bf523ba389e131906af0d
SHA1 hash:	8497b5ad973963635ca2f20a7760b3811583f355
MD5 hash:	3ecfeb005fc64e14317547259a162a63
humanhash:	washington-massachusetts-apart-kitten
File name:	triage_dropped_file
Download:	download sample
Signature	DBatLoader Create hunting rule
File size:	992'768 bytes
First seen:	2022-09-29 13:34:46 UTC
Last seen:	2024-07-24 23:01:06 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	1b312f93c540067908e7bc7402f06ba2 (3 x RemcosRAT, 3 x DBatLoader, 2 x FormBook)
ssdeep	12288:ei0wFFLy44jTpuNaCT8pT2m+lj6RSul8z7iEzwSK1CHaJFQmNL5OWZdavN2HuEGH:lHWTkNaw8pT2zMS3v9RDeB4FvzU
Threatray	555 similar samples on MalwareBazaar
TLSH	T140259E6DE290D433D23B5E358C1B52F5B9257EC12E1864897FE63E085FBE6403C262B6
TrID	92.5% (.EXE) Win32 Executable Borland Delphi 7 (664796/42/58) 1.9% (.EXE) Win32 Executable Delphi generic (14182/79/4) 1.8% (.SCR) Windows screen saver (13101/52/3) 1.4% (.EXE) Win64 Executable (generic) (10523/12/4) 0.6% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	27d0d8d4d4d8f007 (5 x RemcosRAT, 5 x DBatLoader, 4 x FormBook)
Reporter	malwarelabnet
Tags:	DBatLoader exe

Intelligence

File Origin

# of uploads :

# of downloads :

296

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/314838/

Detection(s):

SecuriteInfo.com.Trojan.Inject.20922.4476.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Creating a window

Query of malicious DNS domain

Sending a TCP request to an infection source

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/39983/overview

Behaviour

MalwareBazaar

CheckScreenResolution

CheckCmdLine

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

keylogger overlay

Link:

https://www.filescan.io/uploads/63359f07c9e2f343543129de/reports/384253db-64db-4dbb-b802-9bdd78045b68/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

REMCOS

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/650ada35-4455-4e1a-ba64-32bf2d29acee

Result

Threat name:

DBatLoader

Detection:

malicious

Classification:

troj.expl

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/1080113

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Yara detected DBatLoader

Yara detected UAC Bypass using ComputerDefaults

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f3eed67f2ce421acee035ac4b3eeaa02fc548a485882c573d671355dfcf03a8a/

Threat name:

Win32.Backdoor.Remcos

Status:

Malicious

First seen:

2022-08-17 12:02:41 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

21 of 26 (80.77%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=6pxnm7zm4qq2z3qdllclh3vkal6fjcsilcbmk46woe2v37hqhkfa._file

Verdict:

malicious

DBatLoader

2fe6e7ac5c699248c6f80259e23782d718bea739b0687a91e949cbdf486a4abf

DBatLoader

3b68e962b5129b08db1e475b47df5c2f1a6375a3adaa9b776f9d02ae13462e34

DBatLoader

4b9549bd308885348d7ec8d47bab9843456a270b53c6dbd5b7c8f849f066ff29

DBatLoader

7a9d0bcd27a4183c6765d336c9afd2974d39ead469b932883b6ef3a3b8887c28

DBatLoader

8de6ed84b73447703a0ddf14eb89ffcbe4a6095e4826cf07253ca04fb38d90d6

DBatLoader

+ 545 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/220929-qvnleacacj/

Behaviour

Modifies system certificate store

Verdict:

Informative

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/53d8e490-d7c4-476e-b8ce-0cc3c238b6e7

Unpacked files

SH256 hash:

7984c6d5d9c34c45857243a72d76b2f82c27cbf3d202d478efc693e8eede7075

MD5 hash:

81fd3ae23410ef7846043591e4dfc2ba

SHA1 hash:

588327f8f406348c8e081fd04cb20fb969d526f6

Detections:

win_dbatloader_g1

Link:

https://www.unpac.me/results/68a34f3c-6e8f-4e6b-a784-5f7e8956fcf9/

Parent samples :

07af9a8905e2947a60d954b7f974b2fbe4a62223302c86eb866f447e61ce4245
2fe6e7ac5c699248c6f80259e23782d718bea739b0687a91e949cbdf486a4abf
ce97cec6d38eb389785a1987f52261fb466274e69522f6cdbebac7095f2cc972
c7c1a88e84bb85e9437b450de1e701473081b8cf7e45dcf62fd317262bfb2970
3b68e962b5129b08db1e475b47df5c2f1a6375a3adaa9b776f9d02ae13462e34
d88a2f2dc41473cc633251eefe4aa458fa9311b71c9a5aae4b33cb0fd268d562
0ef5c827d7b4bd9a40906909a27902b3ddcd8e3b2181d2d0df02834c96925033
357d7791398ff5681a24bf65fd84deb8067d8ff1365d2c00cd6672fd0e5ff4f9
6555c0d7b9acbff665b84aec9164dd1cf01740a10e735791f25c28a5da830740
ee2ced66adeccfe45722c49efd8b99fd032d0426ff74cd10fc1e182521431404
6c232920b9bb1f2c3bf71124f93f06f49fdf41c3bae35237f7b031bebba14cc5
c2062d2d3ac3815d7a050a1bfb261c98581e7398f8b0c7ca670d7ddb328611d2
8de6ed84b73447703a0ddf14eb89ffcbe4a6095e4826cf07253ca04fb38d90d6
f3eed67f2ce421acee035ac4b3eeaa02fc548a485882c573d671355dfcf03a8a

SH256 hash:

f3eed67f2ce421acee035ac4b3eeaa02fc548a485882c573d671355dfcf03a8a

MD5 hash:

3ecfeb005fc64e14317547259a162a63

SHA1 hash:

8497b5ad973963635ca2f20a7760b3811583f355

Detections:

DbatLoaderStage1

Link:

https://www.unpac.me/results/68a34f3c-6e8f-4e6b-a784-5f7e8956fcf9/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.50

Link:

https://yomi.yoroi.company/submissions/f3eed67f2ce421acee035ac4b3eeaa02fc548a485882c573d671355dfcf03a8a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/314838/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample