Overview

overview

10

Static

static

1

c33bdeb366...18.exe

windows7-x64

10

c33bdeb366...18.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c33bdeb366add979da8358ebfdfb6aa2_JaffaCakes118

  • Size

    323KB

  • Sample

    240826-sclefazdka

  • MD5

    c33bdeb366add979da8358ebfdfb6aa2

  • SHA1

    914416480c1e7e6ecbff4fee73714358f2017ce4

  • SHA256

    ea6e22b9a982aa171355c84fb43df42a314672c60315ee676b1289f1377968be

  • SHA512

    b6346e2086e9581cc6e1c3298c699b6f9d99264453881c66f36f5621f94776fa42b51adc6b908e8de3c3c63874741e84b15a811266c376104213904628d10eb0

  • SSDEEP

    6144:r4jKO3myYc9LKd15qYZZCSXvpaf3f5xmoEBjzMolaiTrm/k3:rpO3myYc9KpdCSBafPngC/k3

Score
10/10
bazarloaderdropperloader

Malware Config

Targets

    • Target

      c33bdeb366add979da8358ebfdfb6aa2_JaffaCakes118

    • Size

      323KB

    • MD5

      c33bdeb366add979da8358ebfdfb6aa2

    • SHA1

      914416480c1e7e6ecbff4fee73714358f2017ce4

    • SHA256

      ea6e22b9a982aa171355c84fb43df42a314672c60315ee676b1289f1377968be

    • SHA512

      b6346e2086e9581cc6e1c3298c699b6f9d99264453881c66f36f5621f94776fa42b51adc6b908e8de3c3c63874741e84b15a811266c376104213904628d10eb0

    • SSDEEP

      6144:r4jKO3myYc9LKd15qYZZCSXvpaf3f5xmoEBjzMolaiTrm/k3:rpO3myYc9KpdCSBafPngC/k3

    Score
    10/10
    bazarloaderdropperloader

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

      loaderdropperbazarloader

    • Bazar/Team9 Loader payload

    • Tries to connect to .bazar domain

      Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks