General
Target: f4f47c67be61d386e7d757ff89825fa630dd5cc4ed600b5471f9cc18c21e983f
Size: 332KB
Sample: 201114-cbdjavcm6a
MD5: 1e0ff1a8078820c5c10652e406d51bef
SHA1: e191fdbe58b527301eb4bd244a2258ba1cad0182
SHA256: f4f47c67be61d386e7d757ff89825fa630dd5cc4ed600b5471f9cc18c21e983f
SHA512: eb1a011724b988362aa52bdcb69d2886b736dbbe72fe9e53fa3530eeec6bb4089519896a88af48df8e99c7010930fb84cd33599e57f8477e8748cf5259e428a0

Static task: static1

Behavioral task: behavioral1
Sample: f4f47c67be61d386e7d757ff89825fa630dd5cc4ed600b5471f9cc18c21e983f.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: f4f47c67be61d386e7d757ff89825fa630dd5cc4ed600b5471f9cc18c21e983f.exe
Resource: win10v20201028
Malware Config
Targets
Target: f4f47c67be61d386e7d757ff89825fa630dd5cc4ed600b5471f9cc18c21e983f
Score: 10/10

BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

Suspicious use of NtCreateProcessExOtherParentProcess

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.