Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06-01-2025 16:03
Static task: static1

Behavioral task: behavioral1
Sample: JaffaCakes118_2d0f22b8e1ba08e70ced7f66f80c42a1.dll
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: JaffaCakes118_2d0f22b8e1ba08e70ced7f66f80c42a1.dll
Resource: win10v2004-20241007-en
General
Target: JaffaCakes118_2d0f22b8e1ba08e70ced7f66f80c42a1.dll
Size: 840KB
MD5: 2d0f22b8e1ba08e70ced7f66f80c42a1
SHA1: 210bd6d49a73df1e72432c04b138f4eeba14b41d
SHA256: d1dbc03d8458655f99cf1a98a764ecf31067040d28c44f573a4ef0f47a5db714
SHA512: 01d5d335c56dbe7ee85d699c4605e7a7a82288e004c952a86b05dbb3235f4eb1b082de08dbcd63190c1f7c0705730cb44449cff1dac9a131c059a66e78fde39f
SSDEEP: 12288:U0DgYq89aJyKXwAmliposlBT0sVxVTJU7RnVhGqYtZsUSdEPGQ:U0DgRiUAzFsD35TJU7RnzS3sUcQ
Malware Config

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.

Bazarloader family

Bazar/Team9 Loader payload (3 IoCs)
resource                                                                    yara_rule
behavioral2/memory/1588-1-0x0000000180000000-0x0000000180034000-memory.dmp  BazarLoaderVar5
behavioral2/memory/1588-0-0x0000000180000000-0x0000000180034000-memory.dmp  BazarLoaderVar5
behavioral2/memory/1588-2-0x0000000180000000-0x0000000180034000-memory.dmp  BazarLoaderVar5

Tries to connect to .bazar domain (38 IoCs)
Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
flow  ioc
53    bluehail.bazar
61    emfuuhvu.bazar
78    emfuuhvu.bazar
91    emfuuhvu.bazar
109   ontuekuf.bazar
62    emfuuhvu.bazar
100   ontuekuf.bazar
68    emfuuhvu.bazar
86    emfuuhvu.bazar
96    emfuuhvu.bazar
101   ontuekuf.bazar
103   ontuekuf.bazar
65    emfuuhvu.bazar
82    emfuuhvu.bazar
90    emfuuhvu.bazar
97    ontuekuf.bazar
99    ontuekuf.bazar
102   ontuekuf.bazar
57    whitestorm9p.bazar
76    emfuuhvu.bazar
77    emfuuhvu.bazar
50    bluehail.bazar
60    emfuuhvu.bazar
106   ontuekuf.bazar
43    reddew28c.bazar
66    emfuuhvu.bazar
67    emfuuhvu.bazar
73    emfuuhvu.bazar
74    emfuuhvu.bazar
104   ontuekuf.bazar
105   ontuekuf.bazar
107   ontuekuf.bazar
56    whitestorm9p.bazar
59    emfuuhvu.bazar
83    emfuuhvu.bazar
87    emfuuhvu.bazar
92    emfuuhvu.bazar
108   ontuekuf.bazar

Unexpected DNS network traffic destination (38 IoCs)
Network traffic on the DNS port to servers other than the configured DNS servers was detected.
description     ioc
Destination IP  51.89.88.77
Destination IP  130.61.64.122
Destination IP  198.50.135.212
Destination IP  192.3.165.37
Destination IP  130.61.64.122
Destination IP  89.163.140.67
Destination IP  130.61.64.122
Destination IP  194.36.144.87
Destination IP  95.217.190.236
Destination IP  51.158.108.203
Destination IP  103.138.238.151
Destination IP  88.198.92.222
Destination IP  130.61.64.122
Destination IP  134.195.4.2
Destination IP  45.76.254.23
Destination IP  88.198.92.222
Destination IP  192.3.165.37
Destination IP  78.31.67.99
Destination IP  78.31.67.99
Destination IP  192.71.166.92
Destination IP  107.174.68.120
Destination IP  103.138.238.151
Destination IP  192.71.166.92
Destination IP  217.160.188.24
Destination IP  192.3.165.37
Destination IP  51.158.108.203
Destination IP  192.3.165.37
Destination IP  51.158.108.203
Destination IP  185.84.81.194
Destination IP  34.211.147.56
Destination IP  185.84.81.194
Destination IP  130.61.64.122
Destination IP  134.195.4.2
Destination IP  35.211.96.150
Destination IP  185.52.0.55
Destination IP  51.158.108.203
Destination IP  35.211.96.150
Destination IP  34.211.147.56