General
-
Target
9dcbff0945ffba2e5e8b4dc03dd89f85346d9919c7084bed59671a003bd1eb86.7z
-
Size
56KB
-
Sample
210722-44wf4nh9vn
-
MD5
58c034197b7960c888d7b44a31e09f1f
-
SHA1
94fa8a654e8a7a5ffcbfb54f4825282473a0d311
-
SHA256
06901137edd64860bb15102bfd9e2a7c85c3a38517511883ccd8db6eebd8ae9f
-
SHA512
54b1ed64cfb242b533b83befbdcf759f92da8db8ef9abd5f5fd75ea8f74c619336db0635829a1237abae0c0175377471c175c2e9320271b4150926caadd56e1b
Malware Config
Targets
-
-
Target
9dcbff0945ffba2e5e8b4dc03dd89f85346d9919c7084bed59671a003bd1eb86
-
Size
142KB
-
MD5
95ac6fda2d58ac5de7fd19220443e808
-
SHA1
666d8b10f5b39aec23bb67d7f03288c8dbcd45d8
-
SHA256
9dcbff0945ffba2e5e8b4dc03dd89f85346d9919c7084bed59671a003bd1eb86
-
SHA512
3db7c4e7ea8338b99e1c38a7cb00c838cce734ae614342bb69aa43f89215ce05ed09461e62bf2b3d89bd5472b0559a9105b8a6a4216dd19d26ea190e4aa7931c
Score10/10-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
-
Bazar/Team9 Backdoor payload
-
Bazar/Team9 Loader payload
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-