General
-
Target
1de56ea9fec1f6d75e012013c41abce271314aed95e48ac984902601dd0811cb
-
Size
550KB
-
Sample
220508-x77y5sbcal
-
MD5
aa569a58ad06c7cbdb4587f0915bee26
-
SHA1
9eea511d098b34a284508f45e69e3fe67fd74f8d
-
SHA256
1de56ea9fec1f6d75e012013c41abce271314aed95e48ac984902601dd0811cb
-
SHA512
4c481bca7e848fb4a9f7041d29b9cc19e4ea37dcac574522f80fac847de6c6f2849afd2835ee3ca20480ec5cb4e5bc3a55f864785ae9ec8d39f72bc5dee15337
Malware Config
Targets
-
-
Target
1de56ea9fec1f6d75e012013c41abce271314aed95e48ac984902601dd0811cb
-
Size
550KB
-
MD5
aa569a58ad06c7cbdb4587f0915bee26
-
SHA1
9eea511d098b34a284508f45e69e3fe67fd74f8d
-
SHA256
1de56ea9fec1f6d75e012013c41abce271314aed95e48ac984902601dd0811cb
-
SHA512
4c481bca7e848fb4a9f7041d29b9cc19e4ea37dcac574522f80fac847de6c6f2849afd2835ee3ca20480ec5cb4e5bc3a55f864785ae9ec8d39f72bc5dee15337
Score10/10-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Bazar/Team9 Loader payload
-
Executes dropped EXE
-
Tries to connect to .bazar domain
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application
-