General
-
Target
f8fc113257931a242e05e8ff1bbf6f4e_JaffaCakes118
-
Size
1.2MB
-
Sample
240418-3feq6sba8y
-
MD5
f8fc113257931a242e05e8ff1bbf6f4e
-
SHA1
7ceba552d12287198835472c7f56132a56568c7d
-
SHA256
3a1434c46c588441cecde2d684b320ac38473c775449def61affc37a1a57eeea
-
SHA512
dd7218dd2194d44d66579d5100e11236d86ec4eea2549e4daf1ee893c338f7f1d6487c75acd6cdc7395783db073feca074e7e87d59c2f0ab40b12f048760c558
-
SSDEEP
24576:0Wpc+G43nwqthqmmldpXoQ5IyXdLrgvHmrc:8+n3Hthqm9qgkc
Malware Config
Targets
-
-
Target
f8fc113257931a242e05e8ff1bbf6f4e_JaffaCakes118
-
Size
1.2MB
-
MD5
f8fc113257931a242e05e8ff1bbf6f4e
-
SHA1
7ceba552d12287198835472c7f56132a56568c7d
-
SHA256
3a1434c46c588441cecde2d684b320ac38473c775449def61affc37a1a57eeea
-
SHA512
dd7218dd2194d44d66579d5100e11236d86ec4eea2549e4daf1ee893c338f7f1d6487c75acd6cdc7395783db073feca074e7e87d59c2f0ab40b12f048760c558
-
SSDEEP
24576:0Wpc+G43nwqthqmmldpXoQ5IyXdLrgvHmrc:8+n3Hthqm9qgkc
Score10/10-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Bazar/Team9 Loader payload
-
Blocklisted process makes network request
-
Tries to connect to .bazar domain
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-