General
Target: 6681167969550336.zip
Size: 336KB
Sample: 210803-xknshz3jan
MD5: eb8b5e2a39f72abadc34ca5f21bc75d2
SHA1: d9172cfb379f2341bf085f0c089ca2a869a97ee3
SHA256: d4bee9cf6a3a6b8c8d3e49622c125a9afdbefcb7d9aca3b4b33b73916c6730cc
SHA512: 7c7f2cf967f3de5a991ced3b4f8023cd5c4312fa00f2c06ed860eb71b8e9b76d5ca5557c084656634dcc087d9464758eae011f19f4b7d277b0d9c1b0c264be7f
Behavioral task: behavioral1
Sample: f93b838dc89e7d3d47b1225c5d4a7b706062fd8a0f380b173c099d0570814348.exe
Resource: win7v20210410
Malware Config
Targets
Target: f93b838dc89e7d3d47b1225c5d4a7b706062fd8a0f380b173c099d0570814348
Size: 663KB
MD5: faa84badf9eee5c7ab7c727f7ffe2c4f
SHA1: 7b7923d89bb8d564b8be409476652d8005e19fba
SHA256: f93b838dc89e7d3d47b1225c5d4a7b706062fd8a0f380b173c099d0570814348
SHA512: 42a27e1dc0106c032f1c5b11085573b97c092114d807d354b93788688e2dcd21c30c3d915c5365248ba5b77d155246a1c98d11336d2f16b66d71e0e386b40b63
Detected AnchorDNS Backdoor
Sample triggered yara rules associated with the AnchorDNS malware family.
suricata: ET MALWARE Anchor_DNS Trickbot DNS CnC Command - Sending Data
Executes dropped EXE
Loads dropped DLL