General
Target: Creative_Cloud_Set-Up.exe
Size: 2.8MB
Sample: 230527-tw4wkach2z
MD5: e522f8b8c4a3ce819467aac70121ea82
SHA1: 17847911f9a47f099657a19dca3e561047bb767c
SHA256: c083e94b1a06a934e1d0232e8d990d61bfffcd0037f934168418be6a4480de99
SHA512: a2ad329bb0ab6e49f81b1920b79c6602a9e21e7ac9846eac1c097d850eb2c07c63f994153c679bc8efd76b47d006428ef3c11e48b1467438a53cf2f580b320e7
SSDEEP: 49152:k51Z7F25DNGy3g9lRC8mk62yFjqGAuf75pqjf8jJPfs/kfwMflf0hchZgtyP4:k515F2W+8ClgduD59fVfwM/aw4
Behavioral task
behavioral1
Sample: Creative_Cloud_Set-Up.exe
Resource: win10v2004-20230220-en
Malware Config
Targets
- Bazar/Team9 Loader payload
- Modifies Installed Components in the registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Registers COM server for autorun
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext