General
Target: gZPtMu.dat
Size: 277KB
Sample: 211011-x9tvashhhl
MD5: 98580354879b361d7d9a45bcb134ff28
SHA1: e0328091bac07b0dcb33d3a03c73ce1381bdce28
SHA256: 4f450a1d8f58bd985aeea2b75ed8eeb26728b261277605ab1abc703631edc925
SHA512: 8904bade3aa22d6e69589eca35085d4bfc60001990bf3af45b68b17a1145aca368ca039ca8ee602599359d54b767b04d6b73b49726b778fb82b9dd1697a559f9

Static task
static1

Behavioral task
behavioral1
Sample: gZPtMu.dat.dll
Resource: win7-en-20210920

Behavioral task
behavioral2
Sample: gZPtMu.dat.dll
Resource: win10-en-20210920
Malware Config

Targets
Target: gZPtMu.dat
Size: 277KB
MD5: 98580354879b361d7d9a45bcb134ff28
SHA1: e0328091bac07b0dcb33d3a03c73ce1381bdce28
SHA256: 4f450a1d8f58bd985aeea2b75ed8eeb26728b261277605ab1abc703631edc925
SHA512: 8904bade3aa22d6e69589eca35085d4bfc60001990bf3af45b68b17a1145aca368ca039ca8ee602599359d54b767b04d6b73b49726b778fb82b9dd1697a559f9
Score: 10/10

suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
The alert matches the cookie an AnubisNetworks sinkhole sets in its HTTP response, so at least one host the sample contacted had already been sinkholed: a seized C2 domain answered instead of the operators' server.

Bazar/Team9 Loader payload

Tries to connect to .bazar domain
Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, TrickBot, and potentially others. .bazar is an EmerDNS (EmerCoin blockchain) TLD that the public DNS root does not serve, so the name only resolves through an EmerDNS-aware resolver; a query for any .bazar name seen on an ordinary resolver is itself a strong indicator, whether or not it gets an answer.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
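The two network behaviours flagged above, the .bazar lookup and the external-IP lookup, are the easiest parts of this report to turn into a detection. The following is an added example, not code from the sandbox or from the sample's authors: it scans a small DNS/HTTP log for queries to EmerDNS blockchain TLDs (.bazar and its siblings) and for requests to well-known "what is my IP" services. The log line format, the sample log lines, the hostnames in them, and the list of IP-lookup services are all assumptions constructed for the example; the .bazar names are placeholders, not indicators taken from the report.

```python
"""Added example: flag EmerDNS-TLD lookups and external-IP lookups in a log.

Not part of the sandbox report. The log format, the sample lines and the
service list below are constructed assumptions for illustration.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Assumed log format (constructed for this example):
#   "<ts> DNS  <client> <qname> <rcode>"
#   "<ts> HTTP <client> <host>  <path>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proto>DNS|HTTP)\s+(?P<client>\S+)\s+"
    r"(?P<name>\S+)(?:\s+(?P<rest>.*))?$"
)

# EmerDNS blockchain TLDs; .bazar is the one BazarLoader uses. The public
# DNS root does not serve any of them, so a lookup is suspicious even when
# the resolver answers NXDOMAIN.
BLOCKCHAIN_TLDS = {"bazar", "coin", "emc", "lib"}

# Assumed list of commonly abused external-IP services; extend as needed.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipinfo.io", "ip-api.com", "icanhazip.com",
    "checkip.amazonaws.com", "ifconfig.me", "myexternalip.com",
}


@dataclass(frozen=True)
class Finding:
    ts: str
    client: str
    rule: str
    detail: str


def _tld(name: str) -> str:
    """Return the last label of a host name, ignoring a trailing dot."""
    return name.rstrip(".").rsplit(".", 1)[-1].lower()


def scan_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if it is benign/unparseable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, proto, client = m["ts"], m["proto"], m["client"]
    name = m["name"].lower()
    detail = f"{proto} {name} {m['rest'] or ''}".strip()
    if _tld(name) in BLOCKCHAIN_TLDS:
        return Finding(ts, client, "blockchain-tld-lookup", detail)
    if name in IP_LOOKUP_HOSTS:
        return Finding(ts, client, "external-ip-lookup", detail)
    return None


def scan_log(lines: Iterable[str]) -> List[Finding]:
    """Scan every line and keep the findings in log order."""
    return [f for f in (scan_line(l) for l in lines) if f is not None]


# Constructed sample log; no entry here comes from the report.
SAMPLE_LOG = """\
2021-10-11T12:00:01Z DNS 10.0.0.5 time.windows.com NOERROR
2021-10-11T12:00:02Z DNS 10.0.0.5 example-c2.bazar NXDOMAIN
2021-10-11T12:00:03Z HTTP 10.0.0.5 api.ipify.org /
2021-10-11T12:00:04Z DNS 10.0.0.5 www.microsoft.com NOERROR
2021-10-11T12:00:05Z DNS 10.0.0.5 update.example.coin NXDOMAIN
""".splitlines()

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.ts} {f.client} {f.rule}: {f.detail}")
```

The .bazar rule keys on the TLD rather than on specific names because the loader's C2 names rotate while the TLD does not; the NXDOMAIN in the sample shows why the rcode must not be used as a filter, since an ordinary resolver will never return a positive answer for these names. The IP-lookup rule is noisier (legitimate software also asks for its public IP) and is better used as a corroborating signal next to the first one.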