General
Target: Prev-Annual.exe
Size: 461KB
Sample: 201028-bmrndsxle2
MD5: 18bf3e3f440e390316f7521d2c65e3af
SHA1: a3bc72a04579631f81f3f5e805f9a2e92b48e4eb
SHA256: 0f75c3b84e789554617fc2c187c0372aa3a76cb0d0687126a9d46d0b8f936057
SHA512: ca724c062479fc9750f4424b049eb0b68b04f7977e4cd2242997ec0e261e35b4d3e7f566c6857764161ce59721795afe0cddb1b1e634cc1e608a86fe4b43ed35
Static task: static1
Behavioral task: behavioral1
  Sample: Prev-Annual.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Prev-Annual.exe
  Resource: win10v20201028
Malware Config
Targets
Target: Prev-Annual.exe
Score: 10/10
BazarBackdoor: Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
Signatures:
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Suspicious use of SetThreadContext