General

Target: new-documents-1048.iso
Size: 654KB
Sample: 211026-sg4rkshge5
MD5: 96e1b327cd6b8b5b5817dda1076f1a89
SHA1: 36630576f76b70e8ba990c52429d1d50cd0a1709
SHA256: 6a12f82afe261ec856bf1e72aa7767d5f05f9276e2558f1b4bf325af197a40f1
SHA512: b78e9f6551ce75bd35d383ed89893d25eb94b36bf2fd3642222551ecf5d18be3a1708880af8d4066ff553591ac4d464d98352d4f7970cece6e27d959e52b1883

Static task: static1
Behavioral task: behavioral1 (sample: Documents.lnk, resource: win7-en-20210920)
Behavioral task: behavioral2 (sample: Documents.lnk, resource: win10-en-20211014)

Malware Config

Targets

Target: Documents.lnk
Size: 1KB
MD5: 4d8af5ba95aa23f7162b7bbf8622d801
SHA1: d5b8c1a219686be5b75e58c560609023b491d9aa
SHA256: e87f9f378590b95de1b1ef2aaab84e1d00f210fd6aaf5025d815f33096c9d162
SHA512: f64416dbce111afe375efe031b05ed5b5b5c00c956d3c419d733147e4f0e751a60f3a22c72c36d45841abf85013c9647c6dc040cdd3d56c9b8cc35bccfd60d2c
Score: 10/10

Signatures:
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Tries to connect to .bazar domain
  Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Suspicious use of SetThreadContext
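The ".bazar" signature above fires on the lookup attempt itself. A practitioner hunting for the same behaviour in their own DNS telemetry should keep two things in mind: .bazar is a blockchain (Emercoin) TLD that ICANN DNS does not serve, so a normal resolver answers NXDOMAIN and the detection must not filter on successful resolution; and a naive substring match on "bazar" also flags ordinary names such as bazar.example.com, so the test belongs on the final label. The following is an added example written for this page, not code from the sandbox or from the report; the log format (a simplified Zeek dns.log-style whitespace record) and every domain name and IP address in it are constructed.

```python
from collections import defaultdict

# Constructed sample DNS log, not taken from the report. The format is a
# simplified Zeek dns.log-style whitespace record, an assumption for this
# example:  ts  uid  src_ip  resolver_ip  query  rcode_name
SAMPLE_DNS_LOG = """\
1635254001.123 C1 10.0.0.15 10.0.0.2 time.windows.com NOERROR
1635254003.456 C2 10.0.0.15 10.0.0.2 updates-cdn.bazar NXDOMAIN
1635254004.789 C3 10.0.0.15 10.0.0.2 bazar.example.com NOERROR
1635254006.001 C4 10.0.0.22 10.0.0.2 update.microsoft.com NOERROR
1635254007.333 C5 10.0.0.15 10.0.0.2 Updates-CDN.BAZAR. NXDOMAIN
"""

BLOCKCHAIN_TLD = "bazar"


def normalize_name(name: str) -> str:
    """Lower-case and strip the trailing root dot so 'A.BAZAR.' equals 'a.bazar'."""
    return name.strip().rstrip(".").lower()


def is_bazar_query(name: str) -> bool:
    """True only when the final label is 'bazar'.

    A substring test would also flag bazar.example.com, which is ordinary
    ICANN DNS, so the check is on the TLD label, not the whole string.
    """
    labels = normalize_name(name).split(".")
    return len(labels) >= 2 and labels[-1] == BLOCKCHAIN_TLD


def parse_dns_log(log_text: str):
    """Yield one dict per well-formed record; blank or short lines are skipped."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue
        yield {"ts": fields[0], "src": fields[2],
               "query": fields[4], "rcode": fields[5]}


def detect_bazar_lookups(log_text: str):
    """Return every record whose query targets .bazar, regardless of rcode.

    .bazar is not served by ICANN DNS, so a normal resolver returns NXDOMAIN;
    the attempt is the indicator, so records are not filtered on NOERROR.
    """
    return [rec for rec in parse_dns_log(log_text) if is_bazar_query(rec["query"])]


def summarize_by_source(hits):
    """Map each source host to the set of normalized .bazar names it asked for.

    This is the pivot an analyst uses to find the machine running the loader.
    """
    summary = defaultdict(set)
    for rec in hits:
        summary[rec["src"]].add(normalize_name(rec["query"]))
    return dict(summary)


if __name__ == "__main__":
    found = detect_bazar_lookups(SAMPLE_DNS_LOG)
    for rec in found:
        print(f"{rec['ts']} {rec['src']} -> {rec['query']} ({rec['rcode']})")
    print(summarize_by_source(found))
```

Run against the constructed log, the two NXDOMAIN queries from 10.0.0.15 are reported and bazar.example.com is not; the same final-label check applies unchanged to Sysmon Event ID 22 QueryName values or Windows DNS client events once the field is extracted.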