General
- Target: peju4
- Size: 840KB
- Sample: 211022-twb6jscgcm
- MD5: c86d7d276cc517c34ff430b49551a91c
- SHA1: 5338ba42e2251f579aa31e0e5ce4dd98ba476f68
- SHA256: 510a27e3550669e6eea0d1fb8520b75416ec3595d5208e1c505d60e36af7477d
- SHA512: 1097e57b42e32466e8d8b3d182d4643a9c92edbe0f741e051a9381e3b1e97317577f3c9e4ce0223f4542895f5b9ca358196fe0b817fd01ee46dbfb748fce8f4d
Static task
- static1
Behavioral task
- behavioral1
  - Sample: peju4.dll
  - Resource: win7-en-20210920
Behavioral task
- behavioral2
  - Sample: peju4.dll
  - Resource: win10-en-20211014
Malware Config
Targets
- Target: peju4
- Size: 840KB
- MD5: c86d7d276cc517c34ff430b49551a91c
- SHA1: 5338ba42e2251f579aa31e0e5ce4dd98ba476f68
- SHA256: 510a27e3550669e6eea0d1fb8520b75416ec3595d5208e1c505d60e36af7477d
- SHA512: 1097e57b42e32466e8d8b3d182d4643a9c92edbe0f741e051a9381e3b1e97317577f3c9e4ce0223f4542895f5b9ca358196fe0b817fd01ee46dbfb748fce8f4d
- Score: 10/10
Signatures
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Bazar/Team9 Loader payload
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Suspicious use of SetThreadContext