Analysis
max time kernel: 149s
max time network: 150s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
submitted: 16-08-2024 17:15
Static task: static1
Behavioral task: behavioral1
  Sample: 9f421930a783c17dafe643189661be58_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 9f421930a783c17dafe643189661be58_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: 9f421930a783c17dafe643189661be58_JaffaCakes118.exe
Size: 323KB
MD5: 9f421930a783c17dafe643189661be58
SHA1: 05b99f2bbf1ec8cb8d2e4e63ded03548ea49239b
SHA256: 284e27af3b031e86213985cb444992eda7f5cabf8efc619f040c850c7adfc85e
SHA512: 8f47cfcd3c423962104a27e866ae151799c4904c875fd2dab541af6777102953d5eedd5f996a96114ceeabc2cfd3118747e58ff7a8b938fc03e3a3057f9e5e1c
SSDEEP: 6144:3I4KOympXst+asjCpeIFieYhUnUJSbH7rU/uWje6H9v2:3gOl9sGjY7uFmrzg9v2
Malware Config

Signatures
Bazar Loader (64 IoCs)
Detected loader normally used to deploy BazarBackdoor malware.

flow  ioc
96    beegimbiggis.bazar
105   adfgjlahhgjr.bazar
131   aeegklaiggkr.bazar
176   cfehikcjghiq.bazar
249   dfeikldjgikr.bazar
259   ddggjkdhigjq.bazar
285   afggilajigir.bazar
297   acegklagggkr.bazar
302   ccgikkcgiikq.bazar
204   dceijkdggijq.bazar
126   cehgjmcijgjs.bazar
139   aeegikaiggiq.bazar
248   dfeikldjgikr.bazar
25    afegimajggis.bazar
30    bcegilbgggir.bazar
184   aefhikaihhiq.bazar
202   dceijkdggijq.bazar
247   dfeikldjgikr.bazar
94    beegimbiggis.bazar
241   aeggjlaiigjr.bazar
262   ddggjkdhigjq.bazar
326   acegkmagggks.bazar
38    aefgjkaihgjq.bazar
85    adfhjlahhhjr.bazar
119   affhkkajhhkq.bazar
125   cehgjmcijgjs.bazar
199   deehkmdighks.bazar
217   ddggjldhigjr.bazar
234   aeggjlaiigjr.bazar
49    dfehjkdjghjq.bazar
134   aeegklaiggkr.bazar
295   acegklagggkr.bazar
19    afegimajggis.bazar
261   ddggjkdhigjq.bazar
283   afggilajigir.bazar
299   ccgikkcgiikq.bazar
306   ceehklcighkr.bazar
54    ceggilciigir.bazar
113   bdghkkbhihkq.bazar
216   ddggjldhigjr.bazar
309   ceehklcighkr.bazar
46    dfehjkdjghjq.bazar
59    bdfhjkbhhhjq.bazar
103   adfgjlahhgjr.bazar
107   bdghkkbhihkq.bazar
147   bcghjkbgihjq.bazar
250   acfijkaghijq.bazar
303   ccgikkcgiikq.bazar
320   befijkbihijq.bazar
166   adgikkahiikq.bazar
203   dceijkdggijq.bazar
287   afggilajigir.bazar
288   afggilajigir.bazar
7     https://46.17.107.111/api/v202  (description: HTTP URL)
70    bcfgjlbghgjr.bazar
112   bdghkkbhihkq.bazar
174   cfehikcjghiq.bazar
193   bcghklbgihkr.bazar
211   ddggjldhigjr.bazar
239   aeggjlaiigjr.bazar
273   bcfiilbghiir.bazar
73    bcfgjlbghgjr.bazar
79    cfehjlcjghjr.bazar
151   bcghjkbgihjq.bazar
Bazar/Team9 Loader payload (3 IoCs)
YARA rule BazarLoaderVar4 matched three memory regions dumped from PID 1732 in behavioral1 (the Windows 7 x64 run). The region based at 0x180000000 is the default image base for 64-bit DLLs, which is consistent with an unpacked 64-bit module present only in memory rather than on disk.

resource                                                                     yara_rule
behavioral1/memory/1732-6-0x0000000001F10000-0x0000000001F4A000-memory.dmp   BazarLoaderVar4
behavioral1/memory/1732-4-0x0000000180000000-0x000000018003F000-memory.dmp   BazarLoaderVar4
behavioral1/memory/1732-0-0x0000000001F50000-0x0000000001F8C000-memory.dmp   BazarLoaderVar4
Tries to connect to .bazar domain (64 IoCs)
Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others. The .bazar TLD is not an ICANN TLD: it lives in the Emercoin blockchain (EmerDNS) and resolves only through EmerDNS-aware resolvers such as OpenNIC servers, so any query for it from a corporate host is a high-confidence indicator on its own. Every name observed here is twelve lowercase letters under .bazar, the shape to key a detection on rather than the individual names, which rotate.

flow  ioc
64    bdfhjkbhhhjq.bazar
97    beegimbiggis.bazar
240   aeggjlaiigjr.bazar
327   acegkmagggks.bazar
335   cdfhilchhhir.bazar
21    afegimajggis.bazar
22    afegimajggis.bazar
46    dfehjkdjghjq.bazar
133   aeegklaiggkr.bazar
147   bcghjkbgihjq.bazar
164   adgikkahiikq.bazar
220   deegjldiggjr.bazar
253   acfijkaghijq.bazar
296   acegklagggkr.bazar
321   befijkbihijq.bazar
34    aefgjkaihgjq.bazar
117   affhkkajhhkq.bazar
177   cfehikcjghiq.bazar
143   aeegikaiggiq.bazar
158   acfijlaghijr.bazar
286   afggilajigir.bazar
294   acegklagggkr.bazar
44    dfehjkdjghjq.bazar
56    ceggilciigir.bazar
180   aefhikaihhiq.bazar
248   dfeikldjgikr.bazar
271   bcfiilbghiir.bazar
276   bcfgilbghgir.bazar
151   bcghjkbgihjq.bazar
278   bcfgilbghgir.bazar
316   befijkbihijq.bazar
319   befijkbihijq.bazar
37    aefgjkaihgjq.bazar
63    bdfhjkbhhhjq.bazar
116   affhkkajhhkq.bazar
163   adgikkahiikq.bazar
170   cfehikcjghiq.bazar
279   bcfgilbghgir.bazar
23    afegimajggis.bazar
93    beegimbiggis.bazar
197   deehkmdighks.bazar
204   dceijkdggijq.bazar
223   deegjldiggjr.bazar
190   bcghklbgihkr.bazar
232   cefhjkcihhjq.bazar
246   dfeikldjgikr.bazar
261   ddggjkdhigjq.bazar
52    ceggilciigir.bazar
123   cehgjmcijgjs.bazar
203   dceijkdggijq.bazar
235   aeggjlaiigjr.bazar
256   acfijkaghijq.bazar
149   bcghjkbgihjq.bazar
193   bcghklbgihkr.bazar
195   deehkmdighks.bazar
89    adfhjlahhhjr.bazar
128   cehgjmcijgjs.bazar
205   dceijkdggijq.bazar
260   ddggjkdhigjq.bazar
274   bcfgilbghgir.bazar
288   afggilajigir.bazar
96    beegimbiggis.bazar
148   bcghjkbgihjq.bazar
218   deegjldiggjr.bazar
Unexpected DNS network traffic destination (64 IoCs)
Traffic on the DNS port (53) to servers other than the VM's configured DNS servers. This follows directly from the .bazar lookups above: because .bazar cannot be resolved through the system resolver, the loader sends its queries to resolvers of its own choosing. The 64 entries cover eight distinct destination IPs; the repeats are the repeated lookups. Three signatures in this report stop at exactly 64 entries, so treat 64 as the report's display cap and these counts as a lower bound, not the full total.

Destination IP   occurrences in the listed 64
193.183.98.66    11
192.71.245.208   10
151.80.222.79    9
51.254.25.115    9
176.126.70.119   7
195.10.195.195   7
94.16.114.254    6
95.174.65.241    5

For detection, the useful signal is the combination: port-53 traffic that bypasses the configured resolvers, carrying queries for a TLD the public DNS root does not serve. Blocking outbound UDP/TCP 53 to anything but the sanctioned resolvers at the perimeter turns this loader's name resolution into a hard failure and a clean alert.
Downloads

File 1
Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

File 2
Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b