General
-
Target
b9a239b2a4529fb7b9af59f566a023370b0a7731eaed40c971da4ab63e53b866
-
Size
412KB
-
Sample
211014-kg9ntsgfcm
-
MD5
d2ce8c98663fdb708eebe135d0698e2f
-
SHA1
226acd6a8c0b85d97d3a857ff97609bf78111c20
-
SHA256
b9a239b2a4529fb7b9af59f566a023370b0a7731eaed40c971da4ab63e53b866
-
SHA512
6ce3ee9aa0b2036f48cca0e1a85decbe338bf3a37790842f8a6665e1d3fa79d1b9e7e93857dbd6eaa4e2f6c27868cd7bebff0cce3f1f897881d921ca6a7d4f42
Static task
static1
Behavioral task
behavioral1
Sample
b9a239b2a4529fb7b9af59f566a023370b0a7731eaed40c971da4ab63e53b866.dll
Resource
win10v20210408
Malware Config
Targets
-
-
Target
b9a239b2a4529fb7b9af59f566a023370b0a7731eaed40c971da4ab63e53b866
-
Size
412KB
-
MD5
d2ce8c98663fdb708eebe135d0698e2f
-
SHA1
226acd6a8c0b85d97d3a857ff97609bf78111c20
-
SHA256
b9a239b2a4529fb7b9af59f566a023370b0a7731eaed40c971da4ab63e53b866
-
SHA512
6ce3ee9aa0b2036f48cca0e1a85decbe338bf3a37790842f8a6665e1d3fa79d1b9e7e93857dbd6eaa4e2f6c27868cd7bebff0cce3f1f897881d921ca6a7d4f42
Score 10/10
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
suricata: ET MALWARE BazaLoader Activity (GET)
-
suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
-
Bazar/Team9 Loader payload
-
Blocklisted process makes network request
-
Tries to connect to .bazar domain
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
-
Suspicious use of SetThreadContext
-