Resubmissions
24-08-2021 15:46
210824-t6hzlqqj4a 1024-08-2021 15:30
210824-gm7skbgnee 1024-08-2021 15:27
210824-68px7xses6 1024-08-2021 15:17
210824-2783vynafn 1004-08-2021 16:51
210804-8pmmxqpdzn 10Analysis
-
max time kernel
94s -
max time network
126s -
platform
windows7_x64 -
resource
win7v20210410 -
submitted
24-08-2021 15:30
Static task
static1
Behavioral task
behavioral1
Sample
JVrLyRD.dat.dll
Resource
win7v20210410
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
JVrLyRD.dat.dll
Resource
win10v20210410
windows10_x64
0 signatures
0 seconds
General
-
Target
JVrLyRD.dat.dll
-
Size
242KB
-
MD5
12e60d21fd9c8675368635ea5246e393
-
SHA1
60ae64cd005f862797279fb151c9a0433b8e654c
-
SHA256
70c2422033dd395c0a6c15b5e6dbdde34aa65b7481d4b8298e70e0c3e72a2182
-
SHA512
6509c404b274af6250a241b441558d010729da12bbad47dd59c2da5a7480f682ff8c5bfeace9b2bc65db22f212b6399cd74f3f25ae22354db0ca8e06d85ed189
Score
10/10
Malware Config
Signatures
-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Bazar/Team9 Loader payload 1 IoCs
resource yara_rule behavioral1/memory/1648-61-0x0000000001EC0000-0x0000000002057000-memory.dmp BazarLoaderVar6 -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
description flow ioc HTTP URL 7 https://api.opennicproject.org/geoip/?bare&ipv=4&wl=all&res=8