738f4267728385be1d6336685338a0af96f09587218dbc6b3b88db07d1326877 | Triage

Submit
Reports

Overview

overview

8

Static

static

boysLove.jpg.dll

windows7_x64

8

boysLove.jpg.dll

windows10_x64

8

Sharing

General

Target

boysLove.jpg
Size

454KB
Sample

210721-37yrpsqkhx
MD5

a54bf8f8470245c908cc1de6063e04fc
SHA1

a02f9a05c2fb54d898b71da065e87501ab60828c
SHA256

738f4267728385be1d6336685338a0af96f09587218dbc6b3b88db07d1326877
SHA512

1905141e3000aa2296fff83e0d2f576a7b8e5f3ef26bd884476aa38bc4dbc53e61dc0c9a0f31a9e0d320d932758b2da43cb4e6986607000ffdebd83ec0244680

Score

8^/10

Static task

static1

Behavioral task

behavioral1

Sample

boysLove.jpg.dll

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

boysLove.jpg.dll

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  boysLove.jpg
- Size
  
  454KB
- MD5
  
  a54bf8f8470245c908cc1de6063e04fc
- SHA1
  
  a02f9a05c2fb54d898b71da065e87501ab60828c
- SHA256
  
  738f4267728385be1d6336685338a0af96f09587218dbc6b3b88db07d1326877
- SHA512
  
  1905141e3000aa2296fff83e0d2f576a7b8e5f3ef26bd884476aa38bc4dbc53e61dc0c9a0f31a9e0d320d932758b2da43cb4e6986607000ffdebd83ec0244680
Score

8^/10
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy