General
-
Target
Photoshop.exe
-
Size
156.6MB
-
Sample
230714-3k79aahc9w
-
MD5
dc5e3b45b340d7a726234a2df56dce67
-
SHA1
b670ac1a1784d10759fd9f59e65a18f8f9e4cf75
-
SHA256
6a1c8e092b7955d1df9875fbb7c0cd68bc30d799c6b9c3fda2f4f3755bef3c3b
-
SHA512
2f30dd627de35fe07f43ea760c226a33d8bd3da89a956c4865ed4cbcab54f6f911e0b420f6419b71f43f329486075f8051af1d4da4c9f99412f5bcf5e661eacf
-
SSDEEP
786432:8CRtopibnnAlY7rH2/oahreKtOQ9p7eFGt7NBYcxmj+l3vNE/C6sVtvNEnhkiWaS:htopicY7rWleE9rt7M2Jlr
Malware Config
Targets
-
-
Target
Photoshop.exe
-
Size
156.6MB
-
MD5
dc5e3b45b340d7a726234a2df56dce67
-
SHA1
b670ac1a1784d10759fd9f59e65a18f8f9e4cf75
-
SHA256
6a1c8e092b7955d1df9875fbb7c0cd68bc30d799c6b9c3fda2f4f3755bef3c3b
-
SHA512
2f30dd627de35fe07f43ea760c226a33d8bd3da89a956c4865ed4cbcab54f6f911e0b420f6419b71f43f329486075f8051af1d4da4c9f99412f5bcf5e661eacf
-
SSDEEP
786432:8CRtopibnnAlY7rH2/oahreKtOQ9p7eFGt7NBYcxmj+l3vNE/C6sVtvNEnhkiWaS:htopicY7rWleE9rt7M2Jlr
Score10/10-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Bazar/Team9 Loader payload
-
Contacts a large (598) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-