General
-
Target
zas6
-
Size
341KB
-
Sample
211021-q9m87abccp
-
MD5
b3006622f08bfedeb4f5abaf7f88bfd8
-
SHA1
f80ff6d37a5de8eb8715f00bf7db677e647a53ca
-
SHA256
c1e98cb060bcffb391acc2bf84048ced69cadbe39c4cc65fa4ff793547fed232
-
SHA512
046450b3a0e28bef598ea57cdfca80e85381a7d8be3fd9f007998be327f85095d61da4d8482675c9a10257d64521fbab98973db9cc5e049e8f8e6965a74af07d
Malware Config
Targets
-
-
Target
zas6
-
Size
341KB
-
MD5
b3006622f08bfedeb4f5abaf7f88bfd8
-
SHA1
f80ff6d37a5de8eb8715f00bf7db677e647a53ca
-
SHA256
c1e98cb060bcffb391acc2bf84048ced69cadbe39c4cc65fa4ff793547fed232
-
SHA512
046450b3a0e28bef598ea57cdfca80e85381a7d8be3fd9f007998be327f85095d61da4d8482675c9a10257d64521fbab98973db9cc5e049e8f8e6965a74af07d
Score10/10-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
suricata: ET MALWARE BazaLoader Activity (GET)
suricata: ET MALWARE BazaLoader Activity (GET)
-
suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
-
Bazar/Team9 Loader payload
-
Tries to connect to .bazar domain
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
-
Suspicious use of SetThreadContext
-