General
Target: 7c8cb852b333986ff59da438533975ed_JaffaCakes118
Size: 497KB
Sample: 240401-2sb1dahc6x
MD5: 7c8cb852b333986ff59da438533975ed
SHA1: cd17f87ecccd8f2e834e98d380a6447e15552467
SHA256: 7fbde30e24755e328101e5705cfd1673dc8653ec17fe23fbbccb21b2accc66bd
SHA512: 1209377412de2b7d0ca2000a71ebcc178e006510e600a7fafa4e05a31d4801b0215d252b1aebea9c919fde9e8bea8f5cf918f0053c86d81b5c91422d8f7bcbe7
SSDEEP: 6144:cmli7eD8H0QDkZWj4LWYBiykgLrgCwr2dzohwTBbblr98sgocBKZ9tmGl246k:Lb8UQDkjk6rCIoqTd/gBm9tmT46k
Static task: static1

Behavioral task: behavioral1
Sample: 7c8cb852b333986ff59da438533975ed_JaffaCakes118.dll
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 7c8cb852b333986ff59da438533975ed_JaffaCakes118.dll
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: 7c8cb852b333986ff59da438533975ed_JaffaCakes118
Score: 10/10

Bazar/Team9 Loader payload

Blocklisted process makes network request

Tries to connect to .bazar domain
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.