General

Target: https://samples.vx-underground.org/Samples/Bazaar%20Collection/Downloadable%20Releases/Bazaar.2020.11.7z
Sample: 240524-q2bkesga3z
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://samples.vx-underground.org/Samples/Bazaar%20Collection/Downloadable%20Releases/Bazaar.2020.11.7z
  Resource: win10v2004-20240508-en
Malware Config

Extracted: njrat
  0.6.4
  HacKed
  vaidavidaloka.ddns.net:1177
  ca6ff4fc9d6b2752fedce063008c697a
  reg_key: ca6ff4fc9d6b2752fedce063008c697a
  splitter: |'|'|

Extracted: dridex
  10555
  162.241.44.26:9443
  192.232.229.53:4443
  77.220.64.34:443
  193.90.12.121:3098

Extracted: darkcomet
  User
  192.168.1.64:1604
  DC_MUTEX-2WZDLL7
  InstallPath: WindowsDefender\WindowsDefender.exe
  gencode: xHRv8hCk4XTC
  install: true
  offline_keylogger: true
  persistence: true
  reg_key: WindowsDefender

Extracted: lokibot
  http://195.69.140.147/.op/cr.php/LmsLTZuq9k7Zs
  http://kbfvzoboss.bid/alien/fre.php
  http://alphastand.trade/alien/fre.php
  http://alphastand.win/alien/fre.php
  http://alphastand.top/alien/fre.php
  http://1filesharing.ga/clue/gate.php

Extracted: njrat
  0.7d
  victim
  kallnot0011.ddns.net:5214
  360e204e31093d5501377cd62d0c77a8
  reg_key: 360e204e31093d5501377cd62d0c77a8
  splitter: |'|'|

Extracted: njrat
  0.7d
  HacKed
  bellzada123.ddns.net:2222
  d941a381a9a94c94ccba61bb9d36aefe
  reg_key: d941a381a9a94c94ccba61bb9d36aefe
  splitter: |'|'|
Targets

Target: https://samples.vx-underground.org/Samples/Bazaar%20Collection/Downloadable%20Releases/Bazaar.2020.11.7z

Cobalt Strike reflective loader
  Detects the reflective loader used by Cobalt Strike.
Gh0st RAT payload
WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
XMRig Miner payload
AutoIT Executable
  AutoIT scripts compiled to PE executables.