General

Target: require 010.04.2021.doc
Size: 75KB
Sample: 211005-p6y1vahge3
MD5: 6969e17d53d20ffd5dfd76d4955e5cc9
SHA1: da3b0bd9b89c264d0b6520658a1b0e9b851bd2d9
SHA256: 365c4a15a704d7a6244a34ef94bc2aa845ae8435ab4ff4bdac7da55e76f75cf6
SHA512: 8acb4fbce39b9c9b35e41d2efb4ff05641d9f14b3ec2a90163bbe3a7c33eca8fa7574b53aede7c55e19dd75ab623469b116157afc79ef80d6c1bf8892a212448
Static task: static1
Behavioral task: behavioral1
  Sample: require 010.04.2021.doc
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: require 010.04.2021.doc
  Resource: win10-en-20210920
Malware Config

Targets

Target: require 010.04.2021.doc (75KB; hashes as listed under General)
Score: 10/10
- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro. For a .doc sample the parent is normally the Office process that opened the document.
- Bazar/Team9 Backdoor payload
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Suspicious use of SetThreadContext
  SetThreadContext on a thread of another process is a common step in process hollowing and thread hijacking, where a loader redirects execution into code it has written into the target.
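The "Process spawned unexpected child process" signature above is, at its core, a parent/child anomaly check. The following is an added example of that check, written for this page and not Triage's own signature logic: it runs over a handful of constructed, Sysmon-style process-creation records (field names ParentImage/Image/CommandLine follow Sysmon Event ID 1) and flags children of Office processes that are not on a small allowlist. The parent set, the allowlist of expected children, the high-risk child set and every sample event are assumptions chosen for illustration, not data from the report.

```python
"""Flag Office processes that spawn unexpected children.

Added example for this sandbox report; not the sandbox's signature code.
Events below are constructed to resemble Sysmon Event ID 1 records.
"""
import ntpath
from dataclasses import dataclass
from typing import Iterable, List

# Office document handlers whose children deserve scrutiny
# (assumption: a typical, non-exhaustive set).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}

# Children an Office process legitimately spawns (assumption: a narrow
# allowlist; tune per environment, e.g. add your AV or PDF handler).
EXPECTED_CHILDREN = {"splwow64.exe", "werfault.exe"}

# Interpreters and LOLBins that macros and exploits commonly launch
# (assumption: illustrative list).
HIGH_RISK_CHILDREN = {
    "cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe",
}


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    image: str          # full path of the new process
    command_line: str
    parent_image: str   # full path of the parent process


@dataclass(frozen=True)
class Finding:
    pid: int
    parent: str
    child: str
    severity: str       # "high" or "medium"
    reason: str


def _basename(path: str) -> str:
    # ntpath handles Windows separators regardless of the host OS.
    return ntpath.basename(path).lower()


def unexpected_children(events: Iterable[ProcEvent]) -> List[Finding]:
    """Return one Finding per child of an Office parent that is not allowlisted."""
    findings: List[Finding] = []
    for ev in events:
        parent = _basename(ev.parent_image)
        if parent not in OFFICE_PARENTS:
            continue
        child = _basename(ev.image)
        if child in EXPECTED_CHILDREN:
            continue
        if child in HIGH_RISK_CHILDREN:
            findings.append(Finding(ev.pid, parent, child, "high",
                                    "interpreter/LOLBin spawned by Office process"))
        else:
            findings.append(Finding(ev.pid, parent, child, "medium",
                                    "child not on Office allowlist"))
    return findings


# Constructed sample events (not taken from the report's sandbox run).
SAMPLE_EVENTS = [
    # Benign: Word printing through the 32/64-bit spooler shim.
    ProcEvent(4100, r"C:\Windows\splwow64.exe", "splwow64.exe 12288",
              r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    # Suspicious: Word launching rundll32 on a DLL written to %APPDATA%.
    ProcEvent(4132, r"C:\Windows\System32\rundll32.exe",
              r'rundll32.exe "C:\Users\u\AppData\Roaming\x.dll",StartW',
              r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    # Not an Office parent: Explorer opening Word is normal.
    ProcEvent(4090, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
              r'"WINWORD.EXE" /n "C:\Users\u\Downloads\require 010.04.2021.doc"',
              r"C:\Windows\explorer.exe"),
    # Unknown binary from a temp path: not high-risk by name, still unexpected.
    ProcEvent(4140, r"C:\Users\u\AppData\Local\Temp\update.exe", "update.exe",
              r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    # Unrelated browser child process.
    ProcEvent(5000, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
              "chrome.exe --type=renderer",
              r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
]


if __name__ == "__main__":
    for f in unexpected_children(SAMPLE_EVENTS):
        print(f"[{f.severity}] pid={f.pid} {f.parent} -> {f.child}: {f.reason}")
```

Matching on the image basename only is deliberate: it keeps the rule cheap and path-independent, but it also means an attacker can rename a binary to dodge the high-risk set. The medium-severity branch exists for exactly that case; anything an Office process spawns that is not explicitly expected is worth a look, whatever it is called.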