General
Target: 7fbde30e24755e328101e5705cfd1673dc8653ec17fe23fbbccb21b2accc66bd.dll
Size: 497KB
Sample: 211020-ldcelahgej
MD5: 7c8cb852b333986ff59da438533975ed
SHA1: cd17f87ecccd8f2e834e98d380a6447e15552467
SHA256: 7fbde30e24755e328101e5705cfd1673dc8653ec17fe23fbbccb21b2accc66bd
SHA512: 1209377412de2b7d0ca2000a71ebcc178e006510e600a7fafa4e05a31d4801b0215d252b1aebea9c919fde9e8bea8f5cf918f0053c86d81b5c91422d8f7bcbe7
Static task: static1
Behavioral task: behavioral1
Sample: 7fbde30e24755e328101e5705cfd1673dc8653ec17fe23fbbccb21b2accc66bd.dll
Resource: win10-en-20210920
Malware Config
Targets
Score: 10/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- suricata: ET MALWARE BazaLoader Activity (GET)
- suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Tries to connect to .bazar domain: attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Suspicious use of SetThreadContext