Resubmissions
28-03-2022 12:32
220328-pqyedaeaej 1018-01-2022 06:25
220118-g64mbsabcm 1005-05-2021 04:52
210505-vc9dqnmbba 10Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-en-20220113 -
submitted
18-01-2022 06:25
Static task
static1
Behavioral task
behavioral1
Sample
krerb.exe
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
krerb.exe
Resource
win10v2004-en-20220113
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
krerb.exe
-
Size
199KB
-
MD5
1c74d51a1d7177bf9b23f6a567adc047
-
SHA1
ecb47205a047b173c4ecaf4f476204ef7154a7ad
-
SHA256
a8f0170ad5e5cdb0533ea888b0dbc97bc4bd23c9a0531e5e4b7cd1f05fa0875d
-
SHA512
0f2320ab1c60536cad706564a4ea739f2bac1b7cdd538ac1672542c9c02563292d95c2789845629ce696eca356876859a3efd57b305432d4d833fffd1b4cbef4
Score
10/10
Malware Config
Signatures
-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Bazar/Team9 Loader payload 2 IoCs
resource yara_rule behavioral2/memory/1184-133-0x0000026AFD120000-0x0000026AFD147000-memory.dmp BazarLoaderVar6 behavioral2/memory/2516-139-0x0000020E08AB0000-0x0000020E08AD7000-memory.dmp BazarLoaderVar6
Processes
-
C:\Users\Admin\AppData\Local\Temp\krerb.exe"C:\Users\Admin\AppData\Local\Temp\krerb.exe"1⤵PID:1184
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p1⤵PID:3896
-
C:\Users\Admin\AppData\Local\Temp\krerb.exeC:\Users\Admin\AppData\Local\Temp\krerb.exe {838B2F12-D2F2-4D12-BC01-1C8C61D4DCFC}1⤵PID:2516