General
Target: 458228b460f972d7935723acad55f9ba_JaffaCakes118
Size: 1.2MB
Sample: 240330-12wkpsff8v
MD5: 458228b460f972d7935723acad55f9ba
SHA1: 4ab23bbfa840acba573f2e585bbed01257e2aae3
SHA256: 50561167909de0e777c5d81ef72d0981b996fe46df881ab34b9b106aabbe7560
SHA512: 8eb9f924df291ec08dac78153cbc476b8927fe05e41118ece23392d0dce593f4a270792b106fed30d186cb83f42e3a540c28289e14e6e492fc526438891f7bf6
SSDEEP: 24576:aAm1pTsWeU8tV+VwKYs1tRS+7SPFL3EOGTWqG5QVEzAJ24GOy2ipi8z71aaDpZBG:aAmbTsWeU8tV+VwKYs1tRX7SPFL3EOGQ
Static task: static1
Behavioral task behavioral1: sample 1.dll, resource win7-20240220-en
Behavioral task behavioral2: sample 1.dll, resource win10v2004-20231215-en
Behavioral task behavioral3: sample Documents.lnk, resource win7-20240221-en
Behavioral task behavioral4: sample Documents.lnk, resource win10v2004-20240226-en
Malware Config
Targets

Target: 1.dll
Size: 1.1MB
MD5: 730ca73a23dd70b2edf3712e4d03db1c
SHA1: 48d8ff863d43bde2614ae387841135d1b33e66da
SHA256: bf58ef24dd79c02522163be7d8e523cecb2be8daf30e98fd6673d583cbc9e74b
SHA512: 454b6caad5539489cbbce8efd34a2ec03b6ce38490c6c3d05f18c8825c1d70e98b1efc5974ebf92213c292d782e55abad2e1ddd0130d0ad7d2c33336a1c98f8a
SSDEEP: 24576:4Am1pTsWeU8tV+VwKYs1tRS+7SPFL3EOGTWqG5QVEzAJ24GOy2ipi8z71aaDpZBG:4AmbTsWeU8tV+VwKYs1tRX7SPFL3EOGQ
Score: 10/10

Bazar/Team9 Loader payload

Blocklisted process makes network request

Tries to connect to .bazar domain
Attempts to look up or connect to a .bazar domain, a TLD used by BazarBackdoor, Trickbot, and potentially others.

Unexpected DNS network traffic destination
Traffic on the DNS port to servers other than the configured DNS servers was detected.
Target: Documents.lnk
Size: 1KB
MD5: db8f42a798dd65d9bd8398c3e2564f06
SHA1: 7df618ca8e5e21faf19ece8c2470f62af8e4ea15
SHA256: 59b77f3b8d2e7d72c61d522a2bcabbe0b47be3b73e1a4001cb763589a656134c
SHA512: 3533442932c0a796de82668f334f264b6aac4f3552eef535caeda4bb7d4feeb7d1789c09424ac3de506a8438ab9d19713ce0272816c5d8b4dd8ae545bc862053
Score: 10/10

Bazar/Team9 Loader payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
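The three behavioral signatures above (the .bazar lookup and unexpected DNS destination on 1.dll, and the registry country-code lookup on Documents.lnk) are simple enough to re-implement as rules over an event trace. The following is an added example written for this page; it is not the sandbox's own rule code. The trace format, the field names, the configured-resolver address and the registry path assumed for the geo lookup (HKCU\Control Panel\International\Geo\Nation) are all assumptions, and the trace lines are constructed for the example.

```python
"""Toy re-implementation of three sandbox signatures as rules over a trace.

Added example, not the sandbox's own rule code. The 'pid|kind|k=v;k=v'
trace format, field names, resolver address and registry path are assumed.
"""
import ipaddress
import re
from dataclasses import dataclass

# Resolver the analysis VM is configured with (assumed for this example).
CONFIGURED_DNS = frozenset({"10.0.0.2"})

# .bazar is a blockchain TLD that ICANN DNS does not serve, so even a bare
# lookup for it is a strong signal on its own.
BAZAR_TLD_RE = re.compile(r"(?:^|\.)bazar$", re.IGNORECASE)

# Registry value holding the user's configured country code (assumed path
# for the "Checks computer location settings" signature).
GEO_NATION_SUFFIX = r"\control panel\international\geo\nation"


@dataclass
class Event:
    pid: int
    kind: str      # "dns", "net" or "reg"
    fields: dict


@dataclass
class Hit:
    rule: str
    pid: int
    detail: str


def parse_trace(text):
    """Parse constructed 'pid|kind|k=v;k=v' lines into Event objects."""
    events = []
    for line in text.strip().splitlines():
        pid, kind, rest = line.strip().split("|", 2)
        fields = dict(kv.split("=", 1) for kv in rest.split(";") if kv)
        events.append(Event(int(pid), kind, fields))
    return events


def rule_bazar_domain(ev):
    """Flag a DNS query or a connection whose host name ends in .bazar."""
    name = ev.fields.get("query", "") if ev.kind == "dns" else ev.fields.get("host", "")
    name = name.rstrip(".")
    if name and BAZAR_TLD_RE.search(name):
        return Hit("bazar_domain", ev.pid, name)
    return None


def rule_unexpected_dns_dest(ev, configured_dns):
    """Flag port-53 traffic to any address other than the configured resolvers."""
    if ev.kind != "net" or ev.fields.get("dport") != "53":
        return None
    dst = ev.fields.get("dst", "")
    try:
        ipaddress.ip_address(dst)          # ignore malformed destinations
    except ValueError:
        return None
    if dst not in configured_dns:
        return Hit("unexpected_dns_dest", ev.pid, dst)
    return None


def rule_geo_lookup(ev):
    """Flag a registry read of the configured country code (assumed path)."""
    if ev.kind != "reg" or ev.fields.get("op") != "query":
        return None
    if ev.fields.get("path", "").lower().endswith(GEO_NATION_SUFFIX):
        return Hit("geo_lookup", ev.pid, ev.fields["path"])
    return None


def run_rules(events, configured_dns=CONFIGURED_DNS):
    """Run every rule over every event and collect the hits in trace order."""
    hits = []
    for ev in events:
        for hit in (rule_bazar_domain(ev),
                    rule_unexpected_dns_dest(ev, configured_dns),
                    rule_geo_lookup(ev)):
            if hit is not None:
                hits.append(hit)
    return hits


# Constructed trace: pid 1234 stands in for the loader DLL, pid 5678 for the
# LNK's host process. 8.8.8.8 is simply a resolver the VM was not configured with.
SAMPLE_TRACE = r"""
1234|dns|query=loader-stage2.bazar
1234|net|proto=udp;dst=8.8.8.8;dport=53
1234|net|proto=udp;dst=10.0.0.2;dport=53
1234|net|proto=tcp;dst=198.51.100.10;dport=443
5678|reg|op=query;path=HKCU\Control Panel\International\Geo\Nation
5678|dns|query=www.example.com
"""

if __name__ == "__main__":
    for h in run_rules(parse_trace(SAMPLE_TRACE)):
        print(f"{h.rule:22} pid={h.pid} {h.detail}")
```

The unexpected-destination rule deliberately does not care whether the payload is valid DNS: a loader that reaches a non-configured resolver on port 53 is the signal, whether it is resolving a blockchain TLD through a third-party resolver or tunnelling something else.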