General
Target: Report-doc.11.03.xlsb
Size: 26KB
Sample: 201103-aqjqez9kze
MD5: 9cf051461a704aca7b839964ab2355ab
SHA1: 056244cddc082c128df5dda156ac9c1428121e04
SHA256: 4fb1df3cc70ff21190e4ce1c6791a0112aba9acd582d1379bc73fcc27e607810
SHA512: ce359920c8fcc6a52683be1b84ef4582900853d4d3b5ca410a929d01f32a47242a1a8a419d435757b45df949fdb2d6392e43aa15eadbb8fa56c82d893bc2e693
Static task: static1
Behavioral task: behavioral1
Sample: Report-doc.11.03.xlsb
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Report-doc.11.03.xlsb
Resource: win7v20201028
Malware Config
Targets
Target: Report-doc.11.03.xlsb
Score: 10/10
BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext