General
Target: bakjr.exe
Size: 248KB
Sample: 240315-hm713scd69
MD5: bb5ef523f0bf243790b6c67dd77ee986
SHA1: cbfe325c2101c5f76a3675b23b459eeb641eecb6
SHA256: c51bf8c74311b8941dca2f63a0850e61c1058af6af0ac42d81c2d85cd64d37cb
SHA512: eb9ffe004187d6174cf0cc2f85184e5a524546e1bc7139c1f16147049eadbd92f94818ea618370450779753c87d8349efe255244eef2450e16f9446799cdeef2
SSDEEP: 6144:dL8d+BxlwJG25dgtNZfWjBVyRaViIboK:diilKG2ypWjBwjIsK
Static task: static1
Behavioral task: behavioral1
Sample: bakjr.exe
Resource: win10-20240221-en
Malware Config
Targets
Target: bakjr.exe
Size: 248KB
Score: 10/10
- Bazar/Team9 Loader payload
- Tries to connect to .bazar domain: attempts to look up or connect to a .bazar domain. .bazar is an EmerDNS (Emercoin blockchain) top-level domain that ordinary DNS resolvers do not serve, so resolving it requires an OpenNIC-style resolver that carries EmerDNS zones; it is used by BazarBackdoor/BazarLoader, TrickBot, and potentially others.
- Unexpected DNS network traffic destination: DNS traffic (port 53) to servers other than the configured DNS resolvers was detected. This is consistent with the .bazar lookups above, since the sample must reach a resolver that serves those zones rather than the sandbox's configured one.
- Looks up external IP address via web service: uses a legitimate public IP lookup service to learn the infected system's external IP address.
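The three network signatures above are simple to replay against network logs. The following is an added example, not the sandbox's own rule logic or output: it evaluates constructed DNS and HTTP events (placeholder names and TEST-NET addresses, not capture data from this sample) against the same three conditions. The configured resolver address, the list of IP lookup hosts and the event format are assumptions for illustration; the report names none of them.

```python
"""Replay the report's three network signatures over constructed DNS/HTTP
events. Added example with constructed data; not the sandbox's own code."""
import json
from collections import Counter

# Resolver the sandbox VM is assumed to be configured with (the report does
# not list it). DNS traffic to any other destination fires SIG_DNS_DEST.
CONFIGURED_RESOLVERS = {"10.0.0.2"}

# Public "what is my IP" services commonly used by malware to learn the
# external address. Assumed list for illustration; the report names none.
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "checkip.amazonaws.com", "ifconfig.me"}

SIG_DNS_DEST = "Unexpected DNS network traffic destination"
SIG_BAZAR = "Tries to connect to .bazar domain"
SIG_IPLOOKUP = "Looks up external IP address via web service"

# Constructed events in a minimal JSON-lines form (not real capture data).
# 198.51.100.53 stands in for a public OpenNIC-style resolver that serves
# EmerDNS zones such as .bazar; example-c2.bazar is a placeholder name.
SAMPLE_EVENTS = """\
{"proto": "dns", "dst_ip": "10.0.0.2", "dst_port": 53, "query": "www.example.com"}
{"proto": "dns", "dst_ip": "198.51.100.53", "dst_port": 53, "query": "example-c2.bazar"}
{"proto": "dns", "dst_ip": "198.51.100.53", "dst_port": 53, "query": "example-c2.bazar."}
{"proto": "dns", "dst_ip": "10.0.0.2", "dst_port": 53, "query": "EXAMPLE-C2.BAZAR"}
{"proto": "http", "dst_ip": "203.0.113.10", "dst_port": 80, "host": "api.ipify.org", "uri": "/"}
{"proto": "http", "dst_ip": "203.0.113.20", "dst_port": 80, "host": "www.example.com", "uri": "/"}
"""


def tld(name: str) -> str:
    """Return the lowercase top-level label, ignoring a trailing root dot."""
    return name.rstrip(".").rsplit(".", 1)[-1].lower()


def parse_events(text: str):
    """Parse JSON-lines text into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def evaluate(events):
    """Return a list of (signature, detail) hits for the given events."""
    hits = []
    for ev in events:
        if ev["proto"] == "dns":
            # Port 53 to anything but a configured resolver. Covers UDP and
            # TCP DNS alike, and is exactly what a .bazar lookup through an
            # OpenNIC resolver looks like on the wire.
            if ev["dst_port"] == 53 and ev["dst_ip"] not in CONFIGURED_RESOLVERS:
                hits.append((SIG_DNS_DEST, ev["dst_ip"]))
            # A .bazar name is flagged whatever resolver it was sent to: the
            # configured resolver cannot answer it, but the attempt itself is
            # the indicator.
            if tld(ev["query"]) == "bazar":
                hits.append((SIG_BAZAR, ev["query"].rstrip(".").lower()))
        elif ev["proto"] == "http" and ev.get("host", "").lower() in IP_LOOKUP_HOSTS:
            hits.append((SIG_IPLOOKUP, ev["host"]))
    return hits


def signature_counts(text: str = SAMPLE_EVENTS) -> Counter:
    """Count how many events fired each signature."""
    return Counter(sig for sig, _ in evaluate(parse_events(text)))


if __name__ == "__main__":
    for sig, n in signature_counts().items():
        print(f"{n:2d}  {sig}")
```

Note that the .bazar check fires even when the query was sent to the configured resolver (which will simply return NXDOMAIN or SERVFAIL), while the unexpected-destination check fires for any port-53 traffic that bypasses it; on a real host the two usually appear together, as they do in this report.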