General

Target: 9b35b45aa39ebe202ce6cdcb9df656ee
Size: 1.2MB
Sample: 231227-bvvbmaebhn
MD5: 9b35b45aa39ebe202ce6cdcb9df656ee
SHA1: 49ce63eb5043cd25d4b8cbe8e1c3e6717b8c4fe8
SHA256: e3ae3375e738c81024554011d0596ff8ab801267c6eb4df7815d8c4e876f39d2
SHA512: 1171f83c88c2531e86fc64474568feecfc340cfa477183fe87c9df7b952a333afbd304c6b57bba44a8ba7b3d8dba95aba403c8bba8b7e0ef27ee36a8ffa2935b
SSDEEP: 24576:0Wpc+G43nwqthqmmldpXoQ5IyXdLrgvHmrB:8+n3Hthqm9qgkB
Static task: static1

Behavioral task: behavioral1
  Sample: 9b35b45aa39ebe202ce6cdcb9df656ee.dll
  Resource: win7-20231215-en

Behavioral task: behavioral2
  Sample: 9b35b45aa39ebe202ce6cdcb9df656ee.dll
  Resource: win10v2004-20231215-en
Malware Config

Targets

Target: 9b35b45aa39ebe202ce6cdcb9df656ee (the same file as in General above)
Score: 10/10
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Tries to connect to .bazar domain
  Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Unexpected DNS network traffic destination
  Network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
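The three network signatures above, re-implemented as an added example over constructed DNS log lines. This is not the sandbox's own signature code; the analysis VM's resolver address, the list of IP-echo hostnames, the record format and the sample records are all assumptions made for illustration and were not taken from the report.

```python
"""Re-implementation of the report's three network signatures over constructed DNS records.

Added example; not the sandbox's own rules. Every address, hostname and record below is
hypothetical and constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional

# Assumed resolver configuration of the analysis VM (hypothetical, not from the report).
CONFIGURED_DNS_SERVERS = {ipaddress.ip_address("10.127.0.1")}

# Hostnames of public "what is my IP" services. Assumed, non-exhaustive list for
# illustration; the report does not say which service the sample contacted.
EXTERNAL_IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ifconfig.me", "checkip.amazonaws.com"}


@dataclass(frozen=True)
class DnsEvent:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str
    qname: Optional[str]  # None for DNS-port traffic with no parsable query name


def parse_event(line: str) -> DnsEvent:
    """Parse one whitespace-separated record: ts src dst dport proto qname ('-' if none)."""
    ts, src, dst, dport, proto, qname = line.split()
    name = None if qname == "-" else qname.rstrip(".").lower()
    return DnsEvent(ts, src, dst, int(dport), proto.lower(), name)


def sig_bazar_domain(ev: DnsEvent) -> bool:
    """Tries to connect to .bazar domain: any query whose name sits under the .bazar TLD."""
    return ev.qname is not None and (ev.qname == "bazar" or ev.qname.endswith(".bazar"))


def sig_unexpected_dns_destination(ev: DnsEvent) -> bool:
    """Unexpected DNS network traffic destination: DNS-port traffic to a resolver the VM was not configured with."""
    return ev.dport == 53 and ipaddress.ip_address(ev.dst) not in CONFIGURED_DNS_SERVERS


def sig_external_ip_lookup(ev: DnsEvent) -> bool:
    """Looks up external IP address via web service: resolution of a known IP-echo host."""
    return ev.qname in EXTERNAL_IP_LOOKUP_HOSTS


SIGNATURES: Dict[str, Callable[[DnsEvent], bool]] = {
    "Tries to connect to .bazar domain": sig_bazar_domain,
    "Unexpected DNS network traffic destination": sig_unexpected_dns_destination,
    "Looks up external IP address via web service": sig_external_ip_lookup,
}


def run_signatures(lines: Iterable[str]) -> Dict[str, List[DnsEvent]]:
    """Evaluate every signature against every record; returns the matching events per signature."""
    hits: Dict[str, List[DnsEvent]] = {name: [] for name in SIGNATURES}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        ev = parse_event(line)
        for name, rule in SIGNATURES.items():
            if rule(ev):
                hits[name].append(ev)
    return hits


# Constructed sample records (documentation-range addresses, hypothetical names); not from the report.
SAMPLE_LOG = """\
# ts src dst dport proto qname
1703671200.001 10.127.0.10 10.127.0.1 53 udp api.ipify.org
1703671200.050 10.127.0.10 10.127.0.1 53 udp example-c2.bazar
1703671200.120 10.127.0.10 203.0.113.53 53 udp example-c2.bazar
1703671200.300 10.127.0.10 10.127.0.1 53 udp www.microsoft.com
1703671200.400 10.127.0.10 203.0.113.53 53 tcp -
"""

if __name__ == "__main__":
    for name, events in run_signatures(SAMPLE_LOG.splitlines()).items():
        print(f"{name}: {len(events)} hit(s)")
        for ev in events:
            print(f"  {ev.ts} {ev.src} -> {ev.dst}:{ev.dport}/{ev.proto} {ev.qname or '-'}")
```

The .bazar TLD is not in the ICANN root; it belongs to the Emercoin blockchain naming system (EmerDNS) and only resolves through resolvers that serve those zones. A loader that wants a .bazar name therefore has to query a hard-coded alternative resolver rather than the host's configured one, which is why the .bazar signature and the unexpected-DNS-destination signature typically fire together, and why the destination-based rule is worth keeping even when the query name itself is unreadable.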