Analysis
-
max time kernel
187s -
max time network
193s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
08-05-2022 22:43
Static task
static1
Behavioral task
behavioral1
Sample
fd47e20c094a1e23079eee41440b971162c1df668315b5e882c12805b9ec0c68.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
fd47e20c094a1e23079eee41440b971162c1df668315b5e882c12805b9ec0c68.exe
Resource
win10v2004-20220414-en
General
-
Target
fd47e20c094a1e23079eee41440b971162c1df668315b5e882c12805b9ec0c68.exe
-
Size
250KB
-
MD5
b8dd3183755b57f5e18f29a0430b481e
-
SHA1
42485407433474d4fd2b6880eef4b49fa6c277d9
-
SHA256
fd47e20c094a1e23079eee41440b971162c1df668315b5e882c12805b9ec0c68
-
SHA512
8362fa5a3c3563b470ba06b49cfb662b7e114d77481bf656af3a1e71666ef26ad8d758776f075fe9c0634456f5c0b4a360016a75a3967b766cde8ab0449f5d31
Malware Config
Signatures
-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Tries to connect to .bazar domain 1 IoCs
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
Processes:
description flow ioc HTTP URL 43 https://62.108.35.194/api/v97