General
Target: ZlvFNj.dat
Size: 1.0MB
Sample: 210722-ddb7rhhaax
MD5: 6aec6aee754419c449358e21fc5cadea
SHA1: 76bf3a742f006eacbf948423b5154b9344b839da
SHA256: 2049636dacf350e2d08a2c977750ccbf4b8cc13732aac3863be940facd7a5989
SHA512: 98c9db31be8c1ca2ac08d4228d844a21af03a9f267b4dbc2b6ff2a2d140939fb2cbf93b20202c84a9b9c3cad57896da58f533e454e6aecc2a1b187c2fc26adee
Static task: static1
Behavioral task: behavioral1
  Sample: ZlvFNj.dat.dll
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: ZlvFNj.dat.dll
  Resource: win10v20210410
Malware Config
Targets
Target: ZlvFNj.dat
Size: 1.0MB
MD5: 6aec6aee754419c449358e21fc5cadea
SHA1: 76bf3a742f006eacbf948423b5154b9344b839da
SHA256: 2049636dacf350e2d08a2c977750ccbf4b8cc13732aac3863be940facd7a5989
SHA512: 98c9db31be8c1ca2ac08d4228d844a21af03a9f267b4dbc2b6ff2a2d140939fb2cbf93b20202c84a9b9c3cad57896da58f533e454e6aecc2a1b187c2fc26adee
Score: 10/10
BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
- Bazar/Team9 Backdoor payload
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext