General
Target: b3b1fcf37cf99753b52ef02bbb8e22352190d2489e5ae926df5d2b43a740fc24
Size: 391KB
Sample: 201009-av9kettsae
MD5: d3f095b8af36979dbbbb0fba0c69497b
SHA1: ae399f00b624ac94ccf0acec1c01ce4f7e9512c3
SHA256: b3b1fcf37cf99753b52ef02bbb8e22352190d2489e5ae926df5d2b43a740fc24
SHA512: 474fdbd8b740f7b0edb5d12f63b68f2e8036df4b35b6262dfb31830ec658fac9cf4e21e79e513c40983f2099b75ed8ba1ad68ef6db7be65a5b05647c73b79897
Static task: static1
Behavioral task: behavioral1
Sample: b3b1fcf37cf99753b52ef02bbb8e22352190d2489e5ae926df5d2b43a740fc24.exe
Resource: win7
Behavioral task: behavioral2
Sample: b3b1fcf37cf99753b52ef02bbb8e22352190d2489e5ae926df5d2b43a740fc24.exe
Resource: win10v200722
Malware Config
Targets
Target: b3b1fcf37cf99753b52ef02bbb8e22352190d2489e5ae926df5d2b43a740fc24
Score: 10/10
BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
Suspicious use of NtCreateProcessExOtherParentProcess
Blacklisted process makes network request
Suspicious use of SetThreadContext