General
Target: 6ccf11aecc3b829698cdf1972f5d8732
Size: 1.2MB
Sample: 240121-j7e2gahhh6
MD5: 6ccf11aecc3b829698cdf1972f5d8732
SHA1: 983f34b013186bdb199692022f5f1b84db37765e
SHA256: dbcc44b0fc980a62f0d950b32634d5d2d03785a0e7b7659cc3f2bf220d6c3f10
SHA512: 8b723631a08aafcb4ff20d1460d7740ca5ab2dc7c97528e986201b35bef542fe34061748b984cb4cfeb0f56e36a4362b55cc66e4ca4f065198295b42f671fa83
SSDEEP: 12288:6yWeahQ/LWnzkXz5HYrniajhuSlHJzJBlPXXo/6aNdCaBSPZC1XZV72BZ:HWeaZzqY7dhBjz/lfo/FIyXv72BZ
Static task: static1

Behavioral task: behavioral1
Sample: 6ccf11aecc3b829698cdf1972f5d8732.dll
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 6ccf11aecc3b829698cdf1972f5d8732.dll
Resource: win10v2004-20231215-en
Malware Config

Targets
Target: 6ccf11aecc3b829698cdf1972f5d8732
Size: 1.2MB
Score: 10/10

- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Tries to connect to .bazar domain: Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Unexpected DNS network traffic destination: Network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.