General
Target: picture.jpg
Size: 308KB
Sample: 220201-bjlkcafba8
MD5: 21c62adba10a2f518357106947a3410c
SHA1: 607df191b24b5bc402bf4b37272c855c8ebb9dff
SHA256: 716f2ae73525362939d52104e809ea9da5e031f9d31f0b53d8de77df989c8b85
SHA512: 049c14038e81afa17759a27456207a39f18c08b2a65a56d786dcb458ae9544b1f061f408b07c1d614ddb9baf0fa0c20115e822095446c208016b9dfef243bdde
Static task: static1
Behavioral task: behavioral1
Sample: picture.dll
Resource: win10v2004-en-20220112
Malware Config
Targets
Target: picture.jpg
Size: 308KB
Score: 10/10
Bazar/Team9 Loader payload
Blocklisted process makes network request
Sets service image path in registry
Tries to connect to .bazar domain: attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.