General
Target: zas8.zip
Size: 178KB
Sample: 211021-2w6zxsbger
MD5: 1fb6b7560707ee9185fe265c1ce9ad06
SHA1: efdff025d9bbf27690a992e9a6258b58ad74c199
SHA256: b4fa00fb44fe8433bcdddc473018f1c34aac4c6022200c3bb9edef0bbb2e5757
SHA512: 25faa99de729dfc907c6e3bac92133a44468c087945c9d25df48e8e74206edeb99c6fce544c04668d192bb1f709ccf4ac82b2077a0d0eb32278843fd4794a694
Static task: static1

Behavioral task: behavioral1
  Sample: zas8.dll
  Resource: win7-en-20211014

Behavioral task: behavioral2
  Sample: zas8.dll
  Resource: win10-en-20210920
Malware Config

Targets
Target: zas8
Size: 341KB
MD5: cdcd4487dad0a1d43fca2376a895c516
SHA1: 342bab7e1ed48a969bd68a063c56173b9bcff3bc
SHA256: c1a12ae2564e0cd19ce6239ab1d635c1ef590f3fb8cab2a3f6ea822eaaf1af4e
SHA512: 68899b3efa9290581e043c80dc915ab9e25e4582f2395fcc5593e4dd94c27bb1cbfad23439a1d7f412581a179590c4b658d07b3cd4d16295b06789e277f42496
Score: 10/10

Signatures
Suspicious use of NtCreateUserProcessOtherParentProcess
suricata: ET MALWARE BazaLoader Activity (GET)
suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
Bazar/Team9 Loader payload
Tries to connect to .bazar domain
  Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
Suspicious use of SetThreadContext