Overview

overview

10

Static

static

1

951acc18e4...18.exe

windows7-x64

10

951acc18e4...18.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    951acc18e4f14471f49235327e0c1ccc_JaffaCakes118

  • Size

    569KB

  • Sample

    240604-rdc9saac73

  • MD5

    951acc18e4f14471f49235327e0c1ccc

  • SHA1

    7fbe0b3af47957234f3fe22ae9de37ea7416c573

  • SHA256

    09557d538aee094d168a4b4fb5174d742fe81dd59dd27e2eee078fb3f10d9017

  • SHA512

    779b99299928b64eb777cec3c92364e1e7bb30f6192a88773d2521c6dc3a5000062a26418069819e4590b85d717041553aed214dc4ac68fa74825f6b565e25f7

  • SSDEEP

    6144:wV11/Zb2BpZwQwu24P02TbE4xVP30UgvzVUc:wv1/Z3Q0WE4f/3yZN

Score
10/10
bazarloaderdropperloader

Malware Config

Targets

    • Target

      951acc18e4f14471f49235327e0c1ccc_JaffaCakes118

    • Size

      569KB

    • MD5

      951acc18e4f14471f49235327e0c1ccc

    • SHA1

      7fbe0b3af47957234f3fe22ae9de37ea7416c573

    • SHA256

      09557d538aee094d168a4b4fb5174d742fe81dd59dd27e2eee078fb3f10d9017

    • SHA512

      779b99299928b64eb777cec3c92364e1e7bb30f6192a88773d2521c6dc3a5000062a26418069819e4590b85d717041553aed214dc4ac68fa74825f6b565e25f7

    • SSDEEP

      6144:wV11/Zb2BpZwQwu24P02TbE4xVP30UgvzVUc:wv1/Z3Q0WE4f/3yZN

    Score
    10/10
    bazarloaderdropperloader

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

      loaderdropperbazarloader

    • Tries to connect to .bazar domain

      Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks