General
-
Target
baza-or-cs.dll
-
Size
153KB
-
Sample
210716-v4jh8hf6ea
-
MD5
ea3612919bf05b66e9a608bee742a422
-
SHA1
032747a1658fea7f8d624c11ae965f3218f96909
-
SHA256
fd001fb71e9faa68c6e53162ed0554fd6f16a0e381aa280cea397b3d74bb62eb
-
SHA512
f2f049ef68cd5c06511dab2ef82a67e0aa44ac583ec5e84ec7cba1627f47c31a748ad58e1b065401b162a4266f753ac842efceef7cbe33efb0a9d8399365e2c7
Static task
static1
Behavioral task
behavioral1
Sample
baza-or-cs.dll
Resource
win7v20210408
Behavioral task
behavioral2
Sample
baza-or-cs.dll
Resource
win10v20210410
Malware Config
Targets
-
Target
baza-or-cs.dll
Score
10/10
-
BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
-
Bazar/Team9 Backdoor payload
-
Bazar/Team9 Loader payload
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-