General
-
Target
ce5ee2fd8aa4acda24baf6221b5de66220172da0eb312705936adc5b164cc052
-
Size
611KB
-
Sample
220804-zvwfpabhhr
-
MD5
df96269b0242bdb6a06621696f5d31cb
-
SHA1
db4ececac3eb4d38c632a6f83f42666bce0070ae
-
SHA256
ce5ee2fd8aa4acda24baf6221b5de66220172da0eb312705936adc5b164cc052
-
SHA512
e3b17f0640be0fc109d6247bae58711583f42152bb29f887e9f5ca456518f70d687d793278f19fde24419ff34ff5888ead43bc00a0bddbb6994f36d19f956f83
Static task
static1
Behavioral task
behavioral1
Sample
ce5ee2fd8aa4acda24baf6221b5de66220172da0eb312705936adc5b164cc052.dll
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
ce5ee2fd8aa4acda24baf6221b5de66220172da0eb312705936adc5b164cc052.dll
Resource
win10v2004-20220721-en
Malware Config
Targets
Target
ce5ee2fd8aa4acda24baf6221b5de66220172da0eb312705936adc5b164cc052
Score
10/10
Bazar/Team9 Loader payload
-
Blocklisted process makes network request
-
Tries to connect to .bazar domain
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-