Resubmissions

  • 28-03-2022 12:32
    220328-pqyedaeaej 10
  • 18-01-2022 06:25
    220118-g64mbsabcm 10
  • 05-05-2021 04:52
    210505-vc9dqnmbba 10

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    18-01-2022 06:25

General

  • Target
    krerb.exe
  • Size
    199KB
  • MD5
    1c74d51a1d7177bf9b23f6a567adc047
  • SHA1
    ecb47205a047b173c4ecaf4f476204ef7154a7ad
  • SHA256
    a8f0170ad5e5cdb0533ea888b0dbc97bc4bd23c9a0531e5e4b7cd1f05fa0875d
  • SHA512
    0f2320ab1c60536cad706564a4ea739f2bac1b7cdd538ac1672542c9c02563292d95c2789845629ce696eca356876859a3efd57b305432d4d833fffd1b4cbef4

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

  • Bazar/Team9 Loader payload 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\krerb.exe
    "C:\Users\Admin\AppData\Local\Temp\krerb.exe"
    PID:1184
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
      PID:3896
      • C:\Users\Admin\AppData\Local\Temp\krerb.exe
        C:\Users\Admin\AppData\Local\Temp\krerb.exe {838B2F12-D2F2-4D12-BC01-1C8C61D4DCFC}
        PID:2516

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1346565761-3498240568-4147300184-1000\3e952d0ddb6a308dcd44a8ee28102e55_e269d2c1-0edf-4391-ac7b-818b8e88b04f
    MD5
    9e2f3eab69ef628ddbf2ef9a4241a69c
    SHA1
    11ed46222307a9a2682b111aebd265cdba2ccf1f
    SHA256
    7ae40d85e89d69d1ebed581177a770bedcd8821aca387e2d81b3ba816b541bc9
    SHA512
    08494d29c86aa86ff74c8b66f8322804c46130b4aa476fc277454c13e863c721e825b3d7e17ed440e03deb7821b27a997e88bcd5e790898539cfc31d2bf26fd7
  • memory/1184-133-0x0000026AFD120000-0x0000026AFD147000-memory.dmp
    Filesize
    156KB
  • memory/2516-139-0x0000020E08AB0000-0x0000020E08AD7000-memory.dmp
    Filesize
    156KB