Analysis
-
max time kernel
134s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
10-05-2022 17:48
Static task
static1
Behavioral task
behavioral1
Sample
cdc37d85b3ea9525d8a24634a379169cbb87365a90d12d7043df80240d6bef70.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
cdc37d85b3ea9525d8a24634a379169cbb87365a90d12d7043df80240d6bef70.exe
Resource
win10v2004-20220414-en
General
-
Target
cdc37d85b3ea9525d8a24634a379169cbb87365a90d12d7043df80240d6bef70.exe
-
Size
156KB
-
MD5
2c878fc287b2951f9fad69463c8e51fe
-
SHA1
328ce7444054a8175e7a9d3b52d8b699b7ce4e7b
-
SHA256
cdc37d85b3ea9525d8a24634a379169cbb87365a90d12d7043df80240d6bef70
-
SHA512
660100a39bb97aa5c40bdb33a910a57b38607d5eb641c546873037a2821e0ebf851a47eab4d119d511f3661e3edd8ae7395bf896b72c76d1f441913f972ccd0e
Malware Config
Signatures
-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Tries to connect to .bazar domain 1 IoCs
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
Processes:
description flow ioc HTTP URL 27 https://62.108.35.194/api/v153