General
Target: 9bca58b356486c17aeb8f157f614acac
Size: 1.2MB
Sample: 231227-b6sxyafbbm
MD5: 9bca58b356486c17aeb8f157f614acac
SHA1: 4421fbc98f0f0b87cc2912d668345fd5629d98ea
SHA256: 37065b2a4cdaec2b1a260b39738746cb45895bd6d508e7aa5e4013e94abc6196
SHA512: a60d3d1dd58f1bfab0fecff45d34028f3adcb92d401d2846fed7eab82d1ac77837dfa4da2e19136005c7064d8037b4b50c43b63b0a0f1a419f0d46ca758caa5a
SSDEEP: 12288:6yWeahQ/LWnzkXz5HYrniajhuSlHJzJBlPXXo/6aNdCaBSPZC1XZV72B7:HWeaZzqY7dhBjz/lfo/FIyXv72B7

Static task: static1

Behavioral task: behavioral1
Sample: 9bca58b356486c17aeb8f157f614acac.dll
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 9bca58b356486c17aeb8f157f614acac.dll
Resource: win10v2004-20231215-en
Malware Config
Targets
Score: 10/10
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Tries to connect to .bazar domain: attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Unexpected DNS network traffic destination: network traffic on the DNS port to servers other than the configured DNS servers was detected.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.