General
Target
d0a4ab1f0e390d232ff3790f6569f31915fbdab40f2b6d1813f8ffbdc83c3b9f
Size
97KB
Sample
220419-ctt5xabde7
MD5
644f833fce3d075c4a0cc44cdc59e0fd
SHA1
2aa95fa0d93a1a678e0bd891bdb5f990ab930a83
SHA256
d0a4ab1f0e390d232ff3790f6569f31915fbdab40f2b6d1813f8ffbdc83c3b9f
SHA512
3c2ab610126b750e6cb7d49fce723b157cc6da80fa20477c68d7e0de06b35f319352940faff43c37afbb1214f54e8482ca4837571a7d610a746d04e538bb86c0
Static task
static1
Behavioral task
behavioral1
Sample
d0a4ab1f0e390d232ff3790f6569f31915fbdab40f2b6d1813f8ffbdc83c3b9f.dll
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
d0a4ab1f0e390d232ff3790f6569f31915fbdab40f2b6d1813f8ffbdc83c3b9f.dll
Resource
win10v2004-20220414-en
Malware Config
Targets
Target
d0a4ab1f0e390d232ff3790f6569f31915fbdab40f2b6d1813f8ffbdc83c3b9f
Score
8/10
Blocklisted process makes network request
Tries to connect to .bazar domain
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.