General
-
Target
007-baza.bin
-
Size
279KB
-
Sample
230630-1vs61afh6s
-
MD5
86506e4534b7433da308a39b0df63cfa
-
SHA1
91c9f7410afd1423118b5a76d4eafb074267086e
-
SHA256
5edd735e3c6b81d985f3eadd1f8cae24091b947699f1152528566124f22d5341
-
SHA512
382673ac2b10df3ab0415973a3cea27ce628e1d2e3d2d72da31d980dc548998c7c6311016f2cbf6c347a0c23e90b75672cf408b7979182f45d64786706cf71e1
-
SSDEEP
6144:ht6D4CrIDlWKKqi7QARrYXJhUnNdeT6t8T6yH5ZLrdiYJtqh7+WJj:hctrYlWIibk5SNdAe8NztqhS2
Static task
static1
Behavioral task
behavioral1
Sample
007-baza.exe
Resource
win7-20230621-en
Behavioral task
behavioral2
Sample
007-baza.exe
Resource
win10v2004-20230621-en
Malware Config
Targets
-
-
Target
007-baza.bin
-
Score
10/10
-
Bazar/Team9 Loader payload
-
Tries to connect to .bazar domain
Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
-
Unexpected DNS network traffic destination
Network traffic to servers other than the configured DNS servers was detected on the DNS port.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-