MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb46649e51c1b2fc47d3bc0a129563c7bcb6f7e5353d46e0a0bd2f1205d675b9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BazaLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fb46649e51c1b2fc47d3bc0a129563c7bcb6f7e5353d46e0a0bd2f1205d675b9
SHA3-384 hash: d917dcc86a1671e7c7712e72e4ea784cc189b634fa926567779485edc2809b24520b04e42905c164f349ff3735f5efed
SHA1 hash: 76cd17dc22890e34cb4adb3f34b7b904dc751cdb
MD5 hash: afb7e73c9d9a99b395074a1e39728b36
humanhash: network-alabama-queen-enemy
File name:afb7e73c9d9a99b395074a1e39728b36.dll
Download: download sample
Signature BazaLoader
Create hunting rule
File size:289'415 bytes
First seen:2021-10-13 17:46:17 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f2aa966974790b641bc88c5a5bd46a40 (2 x BazaLoader)
ssdeep 6144:VWvccklaZIIq3+Q4gdD3iD9Rd3YdFT/od3kQV:VIcZao3+Qr4zMFTwXV
Threatray 31 similar samples on MalwareBazaar
TLSH T10C546DB6F2912DA6EAD1C879C216B1B4F28368373765E1D0B5A706D3102D4E4CEB6F13
Reporter abuse_ch
Tags:BazaLoader BazarBackdoor BazarLoader dll exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
318
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
afb7e73c9d9a99b395074a1e39728b36.dll
Verdict:
No threats detected
Analysis date:
2021-10-13 17:54:56 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/412a21ed-686c-45e8-8c27-e12a3df259b0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/197336/
Detection(s):
SecuriteInfo.com.Trojan.Win32.Save.a.10513.21715.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Artemis60A361CE5F18.14589.2970.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Transferring files using the Background Intelligent Transfer Service (BITS)
Launching a process
Connection attempt
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
overlay
Link:
https://www.filescan.io/uploads/61671b97fd35fe780c3dcb42/reports/486891af-4048-424f-beb1-f866ddf31683/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/cd87ac80-0dd6-434e-8289-7d2a5f0d1b7b
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/869897
Signature
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 process2 2 Behavior Graph ID: 502328 Sample: HUTWMrDhov.dll Startdate: 13/10/2021 Architecture: WINDOWS Score: 48 6 loaddll64.exe 1 2->6         started        8 rundll32.exe 2->8         started        process3 10 regsvr32.exe 78 6->10         started        14 iexplore.exe 1 73 6->14         started        16 cmd.exe 1 6->16         started        18 2 other processes 6->18 dnsIp4 31 161.35.66.76, 443, 49886, 49952 DIGITALOCEAN-ASNUS United States 10->31 33 164.90.211.10, 443, 49895, 49916 DIGITALOCEAN-ASNUS United States 10->33 35 12 other IPs or domains 10->35 37 System process connects to network (likely due to code injection or exploit) 10->37 20 iexplore.exe 2 154 14->20         started        23 rundll32.exe 16->23         started        signatures5 process6 dnsIp7 25 cm.g.doubleclick.net 216.58.215.226, 443, 49815, 49817 GOOGLEUS United States 20->25 27 dart.l.doubleclick.net 216.58.215.230, 443, 49848, 49849 GOOGLEUS United States 20->27 29 25 other IPs or domains 20->29
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fb46649e51c1b2fc47d3bc0a129563c7bcb6f7e5353d46e0a0bd2f1205d675b9/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7ndgjhsrygzpyr6txqfbffldy66ln57fgu6unyfaxuxrebowow4q._file
Verdict:
unknown
Similar samples:
1f136522cc2cdea93e2086aa67ab07102bcef7e31b201489b43707986824b3f8
BazaLoader
542ef83f25fbe709d0eb6666fe9615d15a96e87dcd3f2e270a40a6ed9e017f12
BazaLoader
62e646b44c307979e5385208bf0c698a08f8db0b9bdb839815b8bcd5ed9e3a38
BazaLoader
74cf2e1f4dce793dc8bc01b3d1691e102c08bb15a3c65bb5c06a48baba0e1fb5
BazaLoader
8b00e9220d23392c11ef9d92a97a7240205bfd27981dccab0828fb358242ca02
BazaLoader
8ea46ac64f5af7bb295a8b784738fc11fc0fde1543d7da43c0f97f88950185c4
BazaLoader
cc27c7c159716192b33257b7941ef2a61af998a39c2da47c1c5fc8863971bb0b
BazaLoader
+ 21 additional samples on MalwareBazaar
Result
Malware family:
bazarloader
Create hunting rule
Score:
  10/10
Tags:
family:bazarloader dropper loader
Link:
https://tria.ge/reports/211013-wcvvnaeha5/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Bazar/Team9 Loader payload
Bazar Loader
Unpacked files
SH256 hash:
fb46649e51c1b2fc47d3bc0a129563c7bcb6f7e5353d46e0a0bd2f1205d675b9
MD5 hash:
afb7e73c9d9a99b395074a1e39728b36
SHA1 hash:
76cd17dc22890e34cb4adb3f34b7b904dc751cdb
Link:
https://www.unpac.me/results/f1ebfe13-452f-4b55-b814-98e08e46a5e3/
Malware family:
BazarLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/fb46649e51c1/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/fb46649e51c1b2fc47d3bc0a129563c7bcb6f7e5353d46e0a0bd2f1205d675b9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

BazaLoader

Executable exe fb46649e51c1b2fc47d3bc0a129563c7bcb6f7e5353d46e0a0bd2f1205d675b9

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1674444/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/197336/

Comments