General
-
Target
91993433512a2cea93baefd05a20a4c95c6202e4.doc
-
Size
76KB
-
Sample
211005-psjn1aaahm
-
MD5
905c599b5c1a3aa68ea2d51958c85c35
-
SHA1
91993433512a2cea93baefd05a20a4c95c6202e4
-
SHA256
55855f7b32c51ff5a7ad295fdd7fcdbec3c8f0f9e1bbb518351537900d0d373f
-
SHA512
85e6d60342276cbf1900355539260c031c639ae758eeed566a71ae19ddfee3f87c2bd4a9faa2a40bbd7ff4616bada3567d035843b904f7f5f25a778b486dc641
Static task
static1
Behavioral task
behavioral1
Sample
91993433512a2cea93baefd05a20a4c95c6202e4.doc
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
91993433512a2cea93baefd05a20a4c95c6202e4.doc
Resource
win10v20210408
Malware Config
Targets
-
Target
91993433512a2cea93baefd05a20a4c95c6202e4.doc
-
Score
10/10
-
BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Bazar/Team9 Backdoor payload
-
Bazar/Team9 Loader payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-