General

  • Target

    htmlDefineFunc.jpg

  • Size

    254KB

  • Sample

    210804-2cgqvmlvlx

  • MD5

    94b1dd32c7b1f7a4d9d0dd7e4c301dd6

  • SHA1

    17ec04d523899e9c63645aed68058404dbeeb557

  • SHA256

    d384dfdd90da4645a8d74956534cfcef7fcbbf4ed654e61b3d27384616b4bc4a

  • SHA512

    4873dfc934f5f58d2ac187af1233ca34f0b04737e0cb9aea8a5639fc1fb413bab1d232d6e56e7b9df6260b07eb87de1a0bd3b7499566220d432ebd4879697a58

Targets

    • Target

      htmlDefineFunc.jpg

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Bazar/Team9 Loader payload

    • Tries to connect to .bazar domain

      Attempts to look up or connect to a .bazar domain, a TLD used by BazarBackdoor, Trickbot, and potentially others.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
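The following triage helper is an added example, not part of the sandbox report or of any vendor tooling. It turns the indicators listed above into checks a responder can run offline: it compares a file's digests against the report's MD5/SHA1/SHA256/SHA512 values, flags a file carrying a .jpg extension whose bytes are not a JPEG (the sample's name is htmlDefineFunc.jpg), and scans BIND-style DNS query log lines for the two network behaviours the report records: lookups of .bazar names and lookups of public IP-echo services. The IP-lookup host list and the log lines are constructed assumptions; the report does not name which service the sample used. One caveat worth knowing when hunting: .bazar is not an ICANN top-level domain (it is served by the Emercoin EmerDNS blockchain via OpenNIC-style resolvers), so any .bazar query seen on an ordinary corporate resolver is anomalous even though it will normally return NXDOMAIN.

```python
import hashlib
import re
from typing import Dict, List, Tuple

# File hashes copied from the report above.
REPORT_HASHES: Dict[str, str] = {
    "md5": "94b1dd32c7b1f7a4d9d0dd7e4c301dd6",
    "sha1": "17ec04d523899e9c63645aed68058404dbeeb557",
    "sha256": "d384dfdd90da4645a8d74956534cfcef7fcbbf4ed654e61b3d27384616b4bc4a",
    "sha512": "4873dfc934f5f58d2ac187af1233ca34f0b04737e0cb9aea8a5639fc1fb413ba"
              "b1d232d6e56e7b9df6260b07eb87de1a0bd3b7499566220d432ebd4879697a58",
}

# Assumption: commonly abused external-IP echo services. The report only says
# "a legitimate IP lookup service"; extend this set from your own telemetry.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "icanhazip.com", "checkip.amazonaws.com",
    "ipinfo.io", "ip-api.com", "checkip.dyndns.org",
}

# Magic bytes for the extensions we care about here (JPEG SOI marker).
MAGIC_BY_EXT = {"jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff"}

# BIND query-log style line: "... query: <qname> IN <qtype> ..."
DNS_QUERY = re.compile(r"query:\s+(?P<qname>\S+)\s+IN\s+(?P<qtype>\w+)")


def file_digests(data: bytes) -> Dict[str, str]:
    """Compute the four digests the report lists, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, iocs: Dict[str, str] = REPORT_HASHES) -> List[str]:
    """Return the names of every algorithm whose digest of `data` matches the IOC set."""
    digests = file_digests(data)
    return [alg for alg, expected in iocs.items()
            if digests.get(alg) == expected.lower()]


def extension_magic_mismatch(filename: str, data: bytes) -> bool:
    """True when the filename claims an image type but the bytes do not start with its magic."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    magic = MAGIC_BY_EXT.get(ext)
    if magic is None:
        return False  # extension not in our table; nothing to compare against
    return not data.startswith(magic)


def scan_dns_lines(lines: List[str]) -> List[Tuple[str, str]]:
    """Flag .bazar lookups and IP-echo service lookups in DNS query log lines."""
    hits: List[Tuple[str, str]] = []
    for line in lines:
        m = DNS_QUERY.search(line)
        if not m:
            continue
        qname = m.group("qname").rstrip(".").lower()
        if qname == "bazar" or qname.endswith(".bazar"):
            hits.append(("bazar_tld", qname))
        elif qname in IP_LOOKUP_HOSTS:
            hits.append(("ip_lookup", qname))
    return hits


# Constructed sample log lines (not from the report) to exercise the scanner.
SAMPLE_DNS_LOG = [
    "12-Aug-2021 10:01:02.123 client 10.0.0.5#51234: query: api.ipify.org IN A + (10.0.0.53)",
    "12-Aug-2021 10:01:03.456 client 10.0.0.5#51235: query: updates.example.com IN A + (10.0.0.53)",
    "12-Aug-2021 10:01:04.789 client 10.0.0.5#51236: query: example-c2.bazar. IN A + (10.0.0.53)",
]

if __name__ == "__main__":
    # Constructed bytes standing in for the file under triage.
    blob = b"MZ\x90\x00 constructed, not the real sample"
    print("hash matches:", matches_report(blob))
    print("ext/magic mismatch:", extension_magic_mismatch("htmlDefineFunc.jpg", blob))
    for kind, name in scan_dns_lines(SAMPLE_DNS_LOG):
        print(f"{kind:10s} {name}")
```

To triage a real file, read it with `open(path, "rb").read()` and pass the bytes to `matches_report` and `extension_magic_mismatch`; a hash match on any algorithm is conclusive, while the extension check and the DNS hits are hunting leads that need the surrounding process and network context before they are treated as an infection.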