General

  • Target

    7abcb63b0a632cdafa0c31a3acbec8e3_JaffaCakes118

  • Size

    427KB

  • Sample

    240731-bqfyfatcja

  • MD5

    7abcb63b0a632cdafa0c31a3acbec8e3

  • SHA1

    e2478aa9e42b3d79f3bd7eae9ad7edf8b17e36b3

  • SHA256

    50e7cac04c4d3f31241b93bec7db97abe98b7f0190f1ac2fbaf176300a0c8041

  • SHA512

    1d8bbb6e45adc20cda90daeff2cb93731e08a6a5ed5e78f50af28c174a91f3c37fb221fca60b005a805286950068ee4357aafae9448c07fca94a226b312cac06

  • SSDEEP

    6144:ezV2kSicmkeRnrzKKOUmyYc9LKd15qYZZCSXvpaf3f5xmoEBjzMolaiTrm/U:ez1czePOUmyYc9KpdCSBafPngC/U

Malware Config

Targets

    • Target

      7abcb63b0a632cdafa0c31a3acbec8e3_JaffaCakes118

    • Size

      427KB

    • MD5

      7abcb63b0a632cdafa0c31a3acbec8e3

    • SHA1

      e2478aa9e42b3d79f3bd7eae9ad7edf8b17e36b3

    • SHA256

      50e7cac04c4d3f31241b93bec7db97abe98b7f0190f1ac2fbaf176300a0c8041

    • SHA512

      1d8bbb6e45adc20cda90daeff2cb93731e08a6a5ed5e78f50af28c174a91f3c37fb221fca60b005a805286950068ee4357aafae9448c07fca94a226b312cac06

    • SSDEEP

      6144:ezV2kSicmkeRnrzKKOUmyYc9LKd15qYZZCSXvpaf3f5xmoEBjzMolaiTrm/U:ez1czePOUmyYc9KpdCSBafPngC/U

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Bazar/Team9 Loader payload

    • Tries to connect to .bazar domain

      Attempts to look up or connect to a .bazar domain, a top-level domain used by BazarBackdoor, Trickbot, and potentially others. .bazar is not in the ICANN root; it is served by the Emercoin blockchain DNS (EmerDNS), so a lookup only succeeds through a resolver that carries that zone (OpenNIC resolvers, for example). A host that queries .bazar names is therefore either infected or deliberately configured for alternative DNS.

    • Unexpected DNS network traffic destination

      DNS-port (53) traffic to servers other than the DNS resolvers configured on the analysis machine was detected. Read together with the .bazar lookups above, this indicates the sample carries its own resolver addresses rather than using the system-configured ones; the destination IPs of that traffic are worth extracting as indicators in their own right.
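
The two network signatures above reduce to simple checks over DNS traffic. The following is an added example, not code from the sandbox or from the sample: it runs both checks over a constructed, in-line list of DNS-log records (the resolver address `10.0.2.3`, the query names and the destination IPs are all assumptions, with TEST-NET addresses standing in for the resolvers a loader would hard-code). It goes slightly beyond the report by also flagging the other EmerDNS top-level domains, and it collects the unconfigured resolvers the traffic went to, which is the indicator a practitioner would pull from such a hit.

```python
"""Detection logic for the two DNS signatures, run over constructed records."""
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsRecord:
    ts: float
    src: str
    dst: str
    dport: int
    qname: str  # empty string when no query name could be parsed


# Resolver(s) configured on the analysis VM. Assumption for this example.
CONFIGURED_RESOLVERS = frozenset({"10.0.2.3"})

# Top-level domains served by EmerDNS rather than the ICANN root. Only .bazar
# is named in the report; the others are the remaining EmerDNS zones.
BLOCKCHAIN_TLDS = frozenset({"bazar", "emc", "coin", "lib"})


def queries_blockchain_tld(qname, tlds=BLOCKCHAIN_TLDS):
    """True when the query name's last label is a blockchain TLD.

    Handles a trailing dot and mixed case; a bare label such as "bazar"
    or a name like bazar.example.com is not a hit.
    """
    labels = qname.rstrip(".").lower().split(".")
    return len(labels) > 1 and labels[-1] in tlds


def unexpected_dns_destination(rec, resolvers=CONFIGURED_RESOLVERS):
    """True for DNS-port traffic to any server not in the configured set."""
    return rec.dport == 53 and rec.dst not in resolvers


def analyze(records, resolvers=CONFIGURED_RESOLVERS, tlds=BLOCKCHAIN_TLDS):
    """Return (signature_tag, record) pairs, one per signature that fires."""
    findings = []
    for rec in records:
        if rec.qname and queries_blockchain_tld(rec.qname, tlds):
            findings.append(("bazar_domain", rec))
        if unexpected_dns_destination(rec, resolvers):
            findings.append(("unexpected_dns_dest", rec))
    return findings


def unconfigured_resolvers(records, resolvers=CONFIGURED_RESOLVERS):
    """Destination IPs of DNS-port traffic that bypassed the configured resolvers."""
    return {rec.dst for rec in records if unexpected_dns_destination(rec, resolvers)}


# Constructed sample traffic; none of these values come from the report.
SAMPLE_RECORDS = [
    DnsRecord(0.10, "10.0.2.15", "10.0.2.3", 53, "time.windows.com"),       # benign
    DnsRecord(0.52, "10.0.2.15", "192.0.2.53", 53, "example-c2.bazar"),     # both signatures
    DnsRecord(0.53, "10.0.2.15", "198.51.100.53", 53, "example-c2.bazar"),  # both signatures
    DnsRecord(0.61, "10.0.2.15", "10.0.2.3", 53, "example-c2.bazar"),       # .bazar only
    DnsRecord(1.20, "10.0.2.15", "10.0.2.3", 53, "bazar.example.com"),      # no hit
]

if __name__ == "__main__":
    for tag, rec in analyze(SAMPLE_RECORDS):
        print(f"{tag:20} ts={rec.ts:<5} {rec.src} -> {rec.dst}:{rec.dport} {rec.qname}")
    print("resolvers outside the configured set:", sorted(unconfigured_resolvers(SAMPLE_RECORDS)))
```

Against a real capture, feed the same record shape from your DNS log or pcap parser; the third sample record shows why the TLD check is kept separate from the destination check, since a .bazar query sent to the configured resolver still fires the first signature even though it will fail to resolve.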

MITRE ATT&CK Matrix

Tasks