General
  Target: new-documents-2030.zip.zip
  Size: 355KB
  Sample: 211025-v8m91sgdh3
  MD5: 7bcb72e0ea43d8c34e9604238cbfb4eb
  SHA1: 58982fcd989573c75be3181b39eaaff0e80d31a0
  SHA256: c6c49487b97174cf00ebc3a28b15e27f9c8cfbb57294cb588e67603322581ea8
  SHA512: f8cdc08354e63a75ae2f6d3052bc588646617cb8bb99eebd59330eeb5569aad024821a110f614fcb23c875eeb76227b88d89f6d4c59bd1170486df7a8bd8278c

Static task
  static1

Behavioral task: behavioral1
  Sample: Documents.lnk
  Resource: win7-en-20211014

Behavioral task: behavioral2
  Sample: Documents.lnk
  Resource: win10-en-20210920

Behavioral task: behavioral3
  Sample: SharedFiles.dll
  Resource: win7-en-20211014

Behavioral task: behavioral4
  Sample: SharedFiles.dll
  Resource: win10-en-20210920

Malware Config

Targets

Target: Documents.lnk
  Size: 1KB
  MD5: 4d8af5ba95aa23f7162b7bbf8622d801
  SHA1: d5b8c1a219686be5b75e58c560609023b491d9aa
  SHA256: e87f9f378590b95de1b1ef2aaab84e1d00f210fd6aaf5025d815f33096c9d162
  SHA512: f64416dbce111afe375efe031b05ed5b5b5c00c956d3c419d733147e4f0e751a60f3a22c72c36d45841abf85013c9647c6dc040cdd3d56c9b8cc35bccfd60d2c
  Score: 10/10
  Signatures:
    - Suspicious use of NtCreateUserProcessOtherParentProcess
    - Bazar/Team9 Loader payload
    - Blocklisted process makes network request
    - Tries to connect to .bazar domain
      Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
    - Suspicious use of SetThreadContext

Target: SharedFiles.dll
  Size: 601KB
  MD5: adf5dc4ac48443f7042237921620a740
  SHA1: 492528054a7de48cfab7ca982bfd7a5459b3e062
  SHA256: b60a22be0a21e0a4c52a0fe0fecc2b55205297e1ddafd2364f75b46b8deedb74
  SHA512: ae629b9181b773a00d6ac74dc2b262fe87995c8f5ae58ae3c3a7b2d7784b99dc382ef41fa02ff35bbdfea76aac638fa7a43b6fc00ea6fdc5b66a1bcca60568ba
  Score: 10/10
  Signatures:
    - Suspicious use of NtCreateUserProcessOtherParentProcess
    - Bazar/Team9 Loader payload
    - Blocklisted process makes network request
    - Tries to connect to .bazar domain
      Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
    - Suspicious use of SetThreadContext