Overview

overview

10

Static

static

3

f8fc113257...18.dll

windows7-x64

10

f8fc113257...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f8fc113257931a242e05e8ff1bbf6f4e_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240418-3feq6sba8y

  • MD5

    f8fc113257931a242e05e8ff1bbf6f4e

  • SHA1

    7ceba552d12287198835472c7f56132a56568c7d

  • SHA256

    3a1434c46c588441cecde2d684b320ac38473c775449def61affc37a1a57eeea

  • SHA512

    dd7218dd2194d44d66579d5100e11236d86ec4eea2549e4daf1ee893c338f7f1d6487c75acd6cdc7395783db073feca074e7e87d59c2f0ab40b12f048760c558

  • SSDEEP

    24576:0Wpc+G43nwqthqmmldpXoQ5IyXdLrgvHmrc:8+n3Hthqm9qgkc

Score
10/10
bazarloaderdropperloader

Malware Config

Targets

    • Target

      f8fc113257931a242e05e8ff1bbf6f4e_JaffaCakes118

    • Size

      1.2MB

    • MD5

      f8fc113257931a242e05e8ff1bbf6f4e

    • SHA1

      7ceba552d12287198835472c7f56132a56568c7d

    • SHA256

      3a1434c46c588441cecde2d684b320ac38473c775449def61affc37a1a57eeea

    • SHA512

      dd7218dd2194d44d66579d5100e11236d86ec4eea2549e4daf1ee893c338f7f1d6487c75acd6cdc7395783db073feca074e7e87d59c2f0ab40b12f048760c558

    • SSDEEP

      24576:0Wpc+G43nwqthqmmldpXoQ5IyXdLrgvHmrc:8+n3Hthqm9qgkc

    Score
    10/10
    bazarloaderdropperloader

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

      loaderdropperbazarloader

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Tries to connect to .bazar domain

      Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks