Analysis
Max time kernel: 4294210s
Max time network: 161s
Platform: windows7_x64
Resource: win7-20220310-en
Submitted: 19-03-2022 23:10
Static task: static1
Behavioral task: behavioral1
  Sample: 898f6e91c82bf23b5b95e0560292b1c610970b3062eeeb9980c75f954e5024a9.exe
  Resource: win7-20220310-en
Behavioral task: behavioral2
  Sample: 898f6e91c82bf23b5b95e0560292b1c610970b3062eeeb9980c75f954e5024a9.exe
  Resource: win10v2004-20220310-en
General
Target: 898f6e91c82bf23b5b95e0560292b1c610970b3062eeeb9980c75f954e5024a9.exe
Size: 576KB
MD5: 2946562b29462362faf215bf7a2fcaa6
SHA1: 3d4894ad006420523bfec3996774ece6090e4e15
SHA256: 898f6e91c82bf23b5b95e0560292b1c610970b3062eeeb9980c75f954e5024a9
SHA512: a6ef18c693ca2d13174e745f96e80b5b81227ab55596713da1410a245aa9d261df36dd442fc27112b24baaee5bd45b44c95425da41b05ebc21e73ad33477fde4
Malware Config

Signatures
Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
Bazar/Team9 Backdoor payload (3 IoCs)
  Processes:
  resource                                                                    yara_rule
  behavioral1/memory/1944-55-0x0000000001E50000-0x0000000001EA9000-memory.dmp  BazarBackdoorVar3
  behavioral1/memory/1944-59-0x0000000180000000-0x0000000180058000-memory.dmp  BazarBackdoorVar3
  behavioral1/memory/1944-64-0x0000000000240000-0x0000000000297000-memory.dmp  BazarBackdoorVar3
Bazar/Team9 Loader payload (3 IoCs)
  Processes:
  resource                                                                    yara_rule
  behavioral1/memory/1944-55-0x0000000001E50000-0x0000000001EA9000-memory.dmp  BazarLoaderVar3
  behavioral1/memory/1944-59-0x0000000180000000-0x0000000180058000-memory.dmp  BazarLoaderVar3
  behavioral1/memory/1944-64-0x0000000000240000-0x0000000000297000-memory.dmp  BazarLoaderVar3