General
Target: DOCUMENTS-REPORT-44.iso.zip
Size: 292KB
Sample: 211008-wqr1xsegd4
MD5: dd46d246cde6c4661a45c5e1bdc406bd
SHA1: 2d5b8cb76857556af316587a915165009a403609
SHA256: 8db22092d66ef12fa07764a709ba60f7258e8d113f93e912890183da5dad2da1
SHA512: 349f0530aacd4667d250707f471e5ddc1fcb4649fbd333f239033e170ea5785143fe19bf7cf028867387b369a5f7bb2430dbe60ba91f8e751a5e91b4eb963d93
Static task: static1
Behavioral task: behavioral1 - Sample: 1.dll - Resource: win7v20210408
Behavioral task: behavioral2 - Sample: 1.dll - Resource: win10v20210408
Behavioral task: behavioral3 - Sample: Documents.lnk - Resource: win7-en-20210920
Behavioral task: behavioral4 - Sample: Documents.lnk - Resource: win10v20210408
Malware Config
Targets

Target: 1.dll
Size: 518KB
MD5: c0a88d8ea1c610384bc18bfa12407038
SHA1: 0a3d5e68878afbe4fa9a154c005c9337bdf83faa
SHA256: e425d1aebf1de8798b6ce3e55a3767b47fc6678d6d3886dcb48932fd69474de7
SHA512: 437c3416f8f11afd0ad4368fa8cc2e03ea9d99c718011afcf11c6ff2cc1c2f3156a050bae7d283e70483200cac576dea893b4878f17b2410c8ac8afe25f17685
Score: 10/10
Signatures:
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Suspicious use of SetThreadContext

Target: Documents.lnk
Size: 1KB
MD5: db8f42a798dd65d9bd8398c3e2564f06
SHA1: 7df618ca8e5e21faf19ece8c2470f62af8e4ea15
SHA256: 59b77f3b8d2e7d72c61d522a2bcabbe0b47be3b73e1a4001cb763589a656134c
SHA512: 3533442932c0a796de82668f334f264b6aac4f3552eef535caeda4bb7d4feeb7d1789c09424ac3de506a8438ab9d19713ce0272816c5d8b4dd8ae545bc862053
Score: 10/10
Signatures:
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Tries to connect to .bazar domain: attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Suspicious use of SetThreadContext