General
- Target: file.exe
- Size: 550KB
- Sample: 210108-pczb4ap9b2
- MD5: 8a528ec7943727678bac5b9f1b74627a
- SHA1: 05cbef6bd0992e3532a3c597957f821140b61b94
- SHA256: d362c83e5a6701f9ae70c16063d743ea9fe6983d0c2b9aa2c2accf2d8ba5cb38
- SHA512: 1826277c68ed8a3ae957ec5286d59717445f1c50a471fb45f50197cbce9cd4e1eb602c40ca8218a5e7e2e145112e21c43f45ccb9d7c82fa6e933a83697bfe587
Static task
- static1
Behavioral task
- behavioral1
  - Sample: file.exe
  - Resource: win7v20201028
Malware Config
Targets
- Target: file.exe
  - Size: 550KB
  - MD5: 8a528ec7943727678bac5b9f1b74627a
  - SHA1: 05cbef6bd0992e3532a3c597957f821140b61b94
  - SHA256: d362c83e5a6701f9ae70c16063d743ea9fe6983d0c2b9aa2c2accf2d8ba5cb38
  - SHA512: 1826277c68ed8a3ae957ec5286d59717445f1c50a471fb45f50197cbce9cd4e1eb602c40ca8218a5e7e2e145112e21c43f45ccb9d7c82fa6e933a83697bfe587
  - BazarBackdoor: Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
  - Bazar/Team9 Loader payload
  - Blocklisted process makes network request
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
  - Suspicious use of SetThreadContext