General

  • Target

    1acd4fde5b0ef693deaee1584c0373ba_JaffaCakes118

  • Size

    303KB

  • Sample

    240728-wjpxzszenb

  • MD5

    1acd4fde5b0ef693deaee1584c0373ba

  • SHA1

    d65d225d23462b026d3def8a1ec79cc1f2c927d9

  • SHA256

    bb902ab59408d1f4b85cc88f99fbde34461a8a275ae91042350415d15a23fb04

  • SHA512

    7ba1ca8cc035d25f8d5ecc6f87ffbe83b066d6ddaf2123565fe140fdbfd2c304d99c95fa264729a7b2fd6124798c7ec520976f38f6dff849608b4378496b11cd

  • SSDEEP

    6144:rtEZOZw6WAzssPKf0srIHSo5e83dawkzuAjyd0ao:raZuw6WAtyf0xrdawcuAjIW

Malware Config

Targets

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Bazar/Team9 Loader payload

    • Tries to connect to .bazar domain

      Attempts to look up or connect to a .bazar domain, a TLD used by BazarBackdoor, Trickbot, and potentially others.

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

MITRE ATT&CK Matrix

Tasks