MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f8d69d5df025089474bfef71b5fb42c0e11bfcbb1d2dd915c474b11b74c0504b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



BazaLoader


Vendor detections: 9



SHA256 hash: f8d69d5df025089474bfef71b5fb42c0e11bfcbb1d2dd915c474b11b74c0504b
SHA3-384 hash: 93907470130f5e1be140a87f31ad300248421a088e9229e793d7220413e2a91feb9647c8593c04b842bce83a670b6f6d
SHA1 hash: 6aec367f8d99ac7b39764ddd3a6989d7905a8754
MD5 hash: c2ab0abaf7a99deb6e85678e79917a83
humanhash: oregon-network-failed-quebec
File name: Report-Review20-10.exe
Signature BazaLoader
File size: 15'906'456 bytes
First seen: 2020-10-20 18:12:50 UTC
Last seen: 2020-10-20 18:59:41 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash d3a2afb703bdefc4273681ac10f9f607 (9 x BazaLoader)
ssdeep 393216:tkEqt/8vHxlVvNJbYmb126bbQlv7gSREXQL+e5sOG:y0RlXJ0mb3Q2XT
Threatray 203 similar samples on MalwareBazaar
TLSH A5F6BE4277D68909E0A61730DDB382B81677BD519D35870F328CBA1EAFF36815C66B23
Reporter BFcerdo
Tags: BazaLoader NOSOV SP Z O O signed

Intelligence


File Origin
# of uploads: 2
# of downloads: 90
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness: (not given)
Behaviour
Launching cmd.exe command interpreter
Sending a UDP request
Transferring files using the Background Intelligent Transfer Service (BITS)
DNS request
Sending a TCP request to an infection source
Unauthorized injection to a system process
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Behaviour
Behavior Graph:
Behavior Graph ID: 301315
Sample: Report-Review20-10.exe
Startdate: 20/10/2020
Architecture: WINDOWS
Score: 48
Signatures: Icon mismatch, binary includes an icon from a different legit application in order to fool users
Processes: Report-Review20-10.exe started twice; the first instance started WerFault.exe, conhost.exe and cmd.exe, the second instance started conhost.exe
Network (first instance): dghns.xyz 34.222.33.48, port 443, local ports 49712 and 49714 (AMAZON-02, US, United States); 192.168.2.1 (unknown)
Threat name: Win64.Trojan.Bazaloader
Status: Malicious
First seen: 2020-10-20 18:14:08 UTC
AV detection: 24 of 29 (82.76%)
Threat level: 5/5
Result
Malware family: bazarbackdoor
Score: 10/10
Tags: backdoor family:bazarbackdoor
Behaviour
Modifies system certificate store
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Blacklisted process makes network request
BazarBackdoor
Unpacked files
SHA256 hash: f8d69d5df025089474bfef71b5fb42c0e11bfcbb1d2dd915c474b11b74c0504b
MD5 hash: c2ab0abaf7a99deb6e85678e79917a83
SHA1 hash: 6aec367f8d99ac7b39764ddd3a6989d7905a8754
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments