General
Target
3720-130-0x0000000180000000-0x000000018003C000-memory.dmp
Size
240KB
Sample
220701-mrtrgaecf7
MD5
05b27f22a4b2032dca2a5ef094f56029
SHA1
9461229aa031a96970cbbd61a4758fdba39486a3
SHA256
2bff52522f826e4f419c5e0b9cfce2c7495335c52fb91bfc104c860968868956
SHA512
fab9ced7265de408a7216deb72f9be5734332b483d2be4158cdac3063abe77a0149955f43a044a74d6c7363b5b34989a1c4af8d2e888d25a9579c3eba1961ee6
Static task
static1
Behavioral task
behavioral1
Sample
3720-130-0x0000000180000000-0x000000018003C000-memory.dll
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
3720-130-0x0000000180000000-0x000000018003C000-memory.dll
Resource
win10v2004-20220414-en
Malware Config
Targets
Target
3720-130-0x0000000180000000-0x000000018003C000-memory.dmp
Score
8/10
Blocklisted process makes network request
Tries to connect to .bazar domain
Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
Unexpected DNS network traffic destination
Network traffic to servers other than the configured DNS servers was detected on the DNS port.