malware_traffic

2020-10-15 (Thursday) - BazaLoader from Google Docs links

Oct 15th, 2020 (edited)
REFERENCE:

- https://twitter.com/James_inthe_box/status/1316779729299542017

GOOGLE DOCS LINK (CUSTOMER COMPLAINT REPORT):

- hxxps://docs.google[.]com/document/d/e/2PACX-1vTrci79cdf1ueJ1WqwH3L96hJ2i1XVV4Wr4TszuqQINDV_dY9Xk_Ys52Xhj9dpTT0UfftuKDA4SqhNz/pub

LINK TO DOWNLOAD BAZALOADER EXE:

- hxxps://public.3.basecamp[.]com/p/6WvTkPssC6sxWf7qM1jMhLiY/upload/download/Review_Report15-10.exe

BAZALOADER EXE:

- SHA256 hash: ed40a50e33fe55c38c9016d6a81fe28e3574998fc2661fdc68a85bd4e61bbe97
- File size: 2,864,312 bytes
- File name: Review_Report15-10.exe

SAMPLE SUBMITTED TO:

- https://app.any.run/tasks/e33ffcb0-351b-4a42-84b3-07e1939e3281
- https://capesandbox.com/submit/status/71566/
- https://bazaar.abuse.ch/sample/ed40a50e33fe55c38c9016d6a81fe28e3574998fc2661fdc68a85bd4e61bbe97/
- https://hybrid-analysis.com/sample/ed40a50e33fe55c38c9016d6a81fe28e3574998fc2661fdc68a85bd4e61bbe97

HTTPS INFECTION TRAFFIC (FROM ANY.RUN ANALYSIS):

- 54.245.74[.]151 port 443 - titlecs[.]com - HEAD /issues/282
- port 443 - microsoft.com - HEAD /maintenance.exe
- port 443 - www.microsoft.com - HEAD /maintenance.exe
- 54.245.74[.]151 port 443 - titlecs[.]com - GET /issues/284
- 18.188.194[.]80 port 443 - labelcs[.]com - GET /428d99134799a8bd0cba2a3977e4e8c5/4
- 18.188.194[.]80 port 443 - labelcs[.]com - POST /428d99134799a8bd0cba2a3977e4e8c5/4
- 18.188.194[.]80 port 443 - labelcs[.]com - POST /428d99134799a8bd0cba2a3977e4e8c5/4
- 18.188.194[.]80 port 443 - labelcs[.]com - GET /428d99134799a8bd0cba2a3977e4e8c5/2
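HUNTING FOR THIS TRAFFIC IN PROXY LOGS (ADDED EXAMPLE):

The following script is an added example, not part of the original paste, showing how the traffic listed above turns into detection logic over HTTP proxy or TLS-inspection logs. It applies three checks to each request: the domains and IPs listed above as known indicators; the path shape of the labelcs[.]com requests (32 hex characters followed by a small integer); and the HEAD request for /maintenance.exe against microsoft.com that this sample makes just before its C2 traffic. The log format (space-separated timestamp, client IP, server IP, port, host, method, URI), the client addresses 10.0.0.23 and 10.0.0.44, the "-" placeholders where the list above gives no server IP, and the two benign lines are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample log (not from the original paste). Columns:
# timestamp src_ip dst_ip dst_port host method uri
# The malicious lines mirror the HTTPS traffic listed above; "-" marks server
# IPs the list does not give, and the 10.0.0.44 lines are benign filler.
SAMPLE_LOG = """\
2020-10-15T14:02:11 10.0.0.23 54.245.74.151 443 titlecs.com HEAD /issues/282
2020-10-15T14:02:12 10.0.0.23 - 443 microsoft.com HEAD /maintenance.exe
2020-10-15T14:02:12 10.0.0.23 - 443 www.microsoft.com HEAD /maintenance.exe
2020-10-15T14:02:13 10.0.0.23 54.245.74.151 443 titlecs.com GET /issues/284
2020-10-15T14:02:15 10.0.0.23 18.188.194.80 443 labelcs.com GET /428d99134799a8bd0cba2a3977e4e8c5/4
2020-10-15T14:02:16 10.0.0.23 18.188.194.80 443 labelcs.com POST /428d99134799a8bd0cba2a3977e4e8c5/4
2020-10-15T14:02:16 10.0.0.23 18.188.194.80 443 labelcs.com POST /428d99134799a8bd0cba2a3977e4e8c5/4
2020-10-15T14:02:18 10.0.0.23 18.188.194.80 443 labelcs.com GET /428d99134799a8bd0cba2a3977e4e8c5/2
2020-10-15T14:05:00 10.0.0.44 - 443 www.microsoft.com GET /en-us/
2020-10-15T14:05:30 10.0.0.44 - 443 example.com GET /index.html
"""

# Indicators copied from the list above, with the defanging removed.
IOC_HOSTS = {"titlecs.com", "labelcs.com"}
IOC_IPS = {"54.245.74.151", "18.188.194.80"}

# Path shape of the labelcs.com requests: /<32 hex chars>/<integer>
C2_PATH_RE = re.compile(r"^/[0-9a-f]{32}/\d+$")

# HEAD /maintenance.exe against microsoft.com, seen here right before the C2 requests.
CHECK_HOSTS = {"microsoft.com", "www.microsoft.com"}
CHECK_PATH = "/maintenance.exe"

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<port>\d+) "
    r"(?P<host>\S+) (?P<method>[A-Z]+) (?P<uri>\S+)$"
)


def parse_log(text):
    """Parse the constructed log format; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["port"] = int(rec["port"])
        records.append(rec)
    return records


def classify(rec):
    """Return the names of every rule a single request matches."""
    hits = []
    if rec["host"] in IOC_HOSTS or rec["dst"] in IOC_IPS:
        hits.append("known-indicator")
    if rec["port"] == 443 and C2_PATH_RE.match(rec["uri"]):
        hits.append("c2-path-shape")
    if rec["method"] == "HEAD" and rec["host"] in CHECK_HOSTS and rec["uri"] == CHECK_PATH:
        hits.append("maintenance-exe-head")
    return hits


def find_infected_clients(text):
    """Map each client IP with at least one hit to the sorted list of rules it tripped."""
    by_client = defaultdict(set)
    for rec in parse_log(text):
        for rule in classify(rec):
            by_client[rec["src"]].add(rule)
    return {client: sorted(rules) for client, rules in by_client.items()}


if __name__ == "__main__":
    for client, rules in find_infected_clients(SAMPLE_LOG).items():
        print(client, ", ".join(rules))
```

The path-shape and HEAD checks are kept separate from the indicator match on purpose: the domains and IPs above will rotate, while a client that trips both of the behavioural rules in the same minute is worth a look even after the listed infrastructure is gone.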