General
- Target: 4663bba7172a24a9a46a1e2b8d1ed0df
- Size: 403KB
- Sample: 231226-ar8t6sfbd2
- MD5: 4663bba7172a24a9a46a1e2b8d1ed0df
- SHA1: a8d683cca49ac28a89a30418b94818be0184a887
- SHA256: a314401b8e12130bea249a3734022a8ebd46b8e65b18535db60944a00e84e6f6
- SHA512: 48fb556ecda308ab9fe42f18283acb39a2dd2f57a07635867e6a09a9c733414902baf75901f33c8a2d0b6ec8a3b865237612ef92f9a59de795fff54fbc33f2b4
- SSDEEP: 12288:ZinPGC8lXe1gwijX52yN7stYqaHVbBBRY:gnPAlOWwIX5ZNpFY
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 4663bba7172a24a9a46a1e2b8d1ed0df.dll
  - Resource: win7-20231215-en
Behavioral task
- behavioral2
  - Sample: 4663bba7172a24a9a46a1e2b8d1ed0df.dll
  - Resource: win10v2004-20231222-en
Malware Config
Targets
- Target: 4663bba7172a24a9a46a1e2b8d1ed0df
Score: 10/10
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Tries to connect to .bazar domain: attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Unexpected DNS network traffic destination: network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.