General
-
Target
a63664c9f44f5e5b2e2537c844a0792db3b68fe822c9785075d3e5e76394f5ad
-
Size
330KB
-
Sample
201110-zrsy8czye2
-
MD5
b38a883c02ea265b03166cb902e4db4b
-
SHA1
d7630b56d299445cf64e810e7c7dbb59a7572145
-
SHA256
a63664c9f44f5e5b2e2537c844a0792db3b68fe822c9785075d3e5e76394f5ad
-
SHA512
ac8f49a1592ef2bcc6e2a6093589767607d8bec6f5fbf084f286c814f62c5cfe83e489b3cad780e06c120de3fbacbc8302e63b6571784ab3ecad51f6bf9b65ee
Static task
static1
Behavioral task
behavioral1
Sample
a63664c9f44f5e5b2e2537c844a0792db3b68fe822c9785075d3e5e76394f5ad.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
a63664c9f44f5e5b2e2537c844a0792db3b68fe822c9785075d3e5e76394f5ad.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
a63664c9f44f5e5b2e2537c844a0792db3b68fe822c9785075d3e5e76394f5ad
-
Size
330KB
-
MD5
b38a883c02ea265b03166cb902e4db4b
-
SHA1
d7630b56d299445cf64e810e7c7dbb59a7572145
-
SHA256
a63664c9f44f5e5b2e2537c844a0792db3b68fe822c9785075d3e5e76394f5ad
-
SHA512
ac8f49a1592ef2bcc6e2a6093589767607d8bec6f5fbf084f286c814f62c5cfe83e489b3cad780e06c120de3fbacbc8302e63b6571784ab3ecad51f6bf9b65ee
Score10/10-
BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-