General

Target: 5783209540485120.zip
Size: 361KB
Sample: 211028-dnmdjshag8
MD5: bbbd086e780ddd6a27876e802625f4d2
SHA1: bf0031e8d6cca5a3460dd8077587d038ee4048c5
SHA256: 8fa3a8b1a4fcfb8b01a3b45343a607b85912b3558dc5f81fa6f1e8258e2afc05
SHA512: 0c3947d1740f9eead872caa3447e0cc01bceaacab55f671314119251656334ba8f8d535ae5f0d89cd0609c5783e7e5af897249724007fd316714240a4385d8db
Static task: static1

Behavioral task: behavioral1
Sample: 085a61a6665300691ccc02d742e3005fc6126db1f832fb71d40220ee93a5fdb9.dll
Resource: win7-en-20210920

Behavioral task: behavioral2
Sample: 085a61a6665300691ccc02d742e3005fc6126db1f832fb71d40220ee93a5fdb9.dll
Resource: win10-en-20211014
Malware Config

Targets

Target: 085a61a6665300691ccc02d742e3005fc6126db1f832fb71d40220ee93a5fdb9
Size: 601KB
MD5: 246de6e6c0a4a07deb3abc50dd3243d6
SHA1: 6f3cb2960cd407be7c79e5f80b3506631eba8d84
SHA256: 085a61a6665300691ccc02d742e3005fc6126db1f832fb71d40220ee93a5fdb9
SHA512: 01704dd036598be0ff867a9979202b8fc6b82b8bb2abf14dc36f80bd3ef0b98af03623888b9287dc0f3ef85b6394a67ae13d9f46cb1203154839ecfc27f5a537
Score: 10/10

- Suspicious use of NtCreateUserProcessOtherParentProcess
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Tries to connect to .bazar domain
  Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Suspicious use of SetThreadContext