General

Target: main.php
Size: 329KB
Sample: 211031-hbtpbaffb7
MD5: 9c9b58c38841af6f89ff90a746d63cec
SHA1: 95481d6dfa4660bd24ac519561269b6fbd4571c1
SHA256: 11f3d84aad7131fe124155c9edfceb594649e87de1ee03383f470442d6ed69a1
SHA512: 7b32798e4652f05861cdb5e03abb1eeebe4183c4f5411cc73166fc1e31dab37c00104e3cc035b2fc9c8c3300b561c17b9cffccc8af79fbc78ea2b1b1e721b518
Tasks

Static task: static1
Behavioral task: behavioral1 (sample: main.php.dll, resource: win7-en-20210920)
Behavioral task: behavioral2 (sample: main.php.dll, resource: win10-en-20211014)

Both behavioral runs executed the file under the name main.php.dll, i.e. as a DLL rather than as the PHP script its original extension suggests.
Malware Config: (empty in this report)

Targets

Target: main.php (329KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Signatures

- Suspicious use of NtCreateUserProcessOtherParentProcess: a process was created via NtCreateUserProcess with a parent other than the calling process (parent-process spoofing), which breaks the parent/child lineage that many detections rely on.
- Bazar/Team9 Loader payload
- Tries to connect to .bazar domain: attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others. The .bazar TLD is served by the Emercoin blockchain DNS (EmerDNS), not by the ICANN root, so a .bazar query seen at a conventional resolver is a strong indicator on its own, whether or not it resolves.
- Suspicious use of SetThreadContext: rewriting another thread's context is the usual final step of process hollowing and similar code-injection techniques.
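A detection for the ".bazar domain" signature above, written as an added example for this page (not code from the sandbox vendor or from the malware): it scans DNS query-log lines for names whose top-level label is a blockchain TLD. The log line format, the sample lines, and the extra EmerDNS TLDs (.lib, .emc, .coin) alongside .bazar are all assumptions made for the example.

```python
"""Flag DNS lookups for .bazar (and other EmerDNS) names in a DNS query log.

Added example; the log format and sample lines are constructed for illustration.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List

# ".bazar" is the TLD flagged by the report. The other three are further
# Emercoin blockchain TLDs, included here as an assumption for breadth. None of
# them is delegated in the ICANN root, so a query for one is suspicious by itself.
BLOCKCHAIN_TLDS = {"bazar", "lib", "emc", "coin"}

# Assumed log format: "<ISO timestamp> <client IP> <query name> <query type>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)\s+(?P<qtype>[A-Z]+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    client: str
    qname: str   # normalised: lower-case, no trailing dot
    tld: str


def normalise(qname: str) -> str:
    """Lower-case the name and drop the trailing root dot, if present."""
    return qname.rstrip(".").lower()


def tld_of(qname: str) -> str:
    """Return the last label of a DNS name ('' for the bare root)."""
    labels = normalise(qname).split(".")
    return labels[-1] if labels else ""


def is_blockchain_name(qname: str) -> bool:
    """True only when the *top-level* label is a blockchain TLD.

    'bazar.example.com' must not match: the TLD there is 'com'.
    """
    return tld_of(qname) in BLOCKCHAIN_TLDS


def scan_dns_log(lines: Iterable[str]) -> List[Alert]:
    """Parse each line and collect an Alert for every blockchain-TLD query."""
    alerts: List[Alert] = []
    for raw in lines:
        m = LOG_LINE.match(raw.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        qname = m["qname"]
        if is_blockchain_name(qname):
            alerts.append(Alert(m["ts"], m["client"], normalise(qname), tld_of(qname)))
    return alerts


def alerts_per_client(alerts: Iterable[Alert]) -> Dict[str, int]:
    """Count alerts by querying host, to see which endpoints need triage."""
    return dict(Counter(a.client for a in alerts))


# Constructed sample log: two .bazar lookups from one host, one .lib lookup from
# another, a benign name that merely contains 'bazar', and a malformed line.
SAMPLE_LOG = [
    "2021-10-31T12:00:01Z 10.0.0.5 www.example.com. A",
    "2021-10-31T12:00:02Z 10.0.0.5 lookup-test.bazar. A",
    "2021-10-31T12:00:03Z 10.0.0.7 bazar.example.com. A",
    "2021-10-31T12:00:04Z 10.0.0.5 Second-Test.BAZAR AAAA",
    "this line is not a DNS record",
    "2021-10-31T12:00:05Z 10.0.0.9 update-test.lib. A",
]


if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_LOG)
    for a in found:
        print(f"{a.ts} {a.client} queried {a.qname} (tld={a.tld})")
    print("alerts per client:", alerts_per_client(found))
```

The check is deliberately on the top-level label only, so a legitimate host that happens to contain "bazar" as a lower label is not flagged, while case and the trailing root dot are normalised away before comparison. Because a conventional resolver answers NXDOMAIN for these TLDs, the query itself is the event worth alerting on; do not wait for a successful resolution.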