Analysis
max time kernel: 150s
max time network: 159s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 08-05-2022 16:46
Static task: static1
Behavioral task: behavioral1
  Sample: 9a5030ff5c23877a4b426f73dacc684aa11d08723499cf891d998c20ef1a289d.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 9a5030ff5c23877a4b426f73dacc684aa11d08723499cf891d998c20ef1a289d.exe
  Resource: win10v2004-20220414-en
General
Target: 9a5030ff5c23877a4b426f73dacc684aa11d08723499cf891d998c20ef1a289d.exe
Size: 125KB
MD5: a112d432c396de8012e2dfeb982aa241
SHA1: 1b3d8b92d7967637f6fc95dc79a810d6523a60ff
SHA256: 9a5030ff5c23877a4b426f73dacc684aa11d08723499cf891d998c20ef1a289d
SHA512: 6854a42943b9e305c07e3515d721a7097463817ebef412d3f224288677cb6b187c2d8d97d6292dfbcf23f5ea25304c965e700b818205d95d65f73c6bc83372cc
Malware Config
Signatures
Bazar Loader: Detected loader normally used to deploy BazarBackdoor malware.
Tries to connect to .bazar domain (1 IoC): Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
Processes:
  description: HTTP URL
  flow: 42
  ioc: https://62.108.35.194/api/v97