General
Target: core3_1.bin
Size: 214KB
Sample: 220718-gsqtbabagl
MD5: 6a94e3723ca817d1af955d2ed03062bc
SHA1: 0f3fbe7fbb072f30cad64e825811a9f5f323f3bc
SHA256: c924d04db0dc4f4591c149b5ce9ea06f9bcc0628c9294b84cad522456f1c4cdd
SHA512: 87ddc3615491d99350c14b0c8214d1d7c200072ae8f74ab9af3cc0128fd78017b4c5d053b06b4bb2f6f05e1bb1afba662e0ccd673b910f5979ae3893dff4b658
Behavioral task: behavioral1
Sample: core3_1.dll
Resource: win7-20220715-en
Behavioral task: behavioral2
Sample: core3_1.dll
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: core3_1.bin
Score: 10/10
Blocklisted process makes network request

Tries to connect to .bazar domain
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.