General
- Target: dl8.exe
- Size: 271KB
- Sample: 210408-rf4c3mtwdx
- MD5: 0a6e27aa3415f502af6585bddf7e0d3e
- SHA1: a8bdb01ef8a6e75ec200c5d4f6d9f32539dca9f2
- SHA256: 210c46aae3d71ecbac79447d124d895dded804c08342b17258cd4b400b0bebe0
- SHA512: abd3b3d4e6251fe5231bf45186b43cb1d4aa5dc36fd79e71e4bf010d9adfbf2c6837d4606795be97a00911cd5d06326d7ed38656dbe7827ed33a59b0f140d479
Static task: static1
Behavioral task: behavioral1
- Sample: dl8.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: dl8.exe
- Resource: win10v20201028
Malware Config
Targets
Score: 10/10
- Bazar/Team9 Loader payload
- Tries to connect to .bazar domain: attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Drops desktop.ini file(s)