General
Target: c18acf443a95d2f705fa3c8e0477622d.dll
Size: 341KB
Sample: 211022-jxpsxsbcg8
MD5: c18acf443a95d2f705fa3c8e0477622d
SHA1: f2077a96a8015f19fa21ca27b8203aa999aac2d5
SHA256: 4a3dc99f99af4f2d8bd707a4163886df47cbdf6934856c416785010334412043
SHA512: 22471dfc4b42cad9a0099a8e0ed17b45f23ab387c0d5bf9fe3786cfabea1e17ce3ecf9638d7027af311cbbe218ad72da2d24f8d9e742030d21875738aeb09c5f

Static task: static1
Behavioral task: behavioral1
  Sample: c18acf443a95d2f705fa3c8e0477622d.dll
  Resource: win10-en-20210920

Malware Config

Targets
Target: c18acf443a95d2f705fa3c8e0477622d.dll
Size: 341KB
MD5, SHA1, SHA256, SHA512: as listed under General

Score: 10/10

Signatures
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Bazar/Team9 Loader payload
- Tries to connect to .bazar domain: attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Suspicious use of SetThreadContext