2020-10-15 (Thursday) - BazaLoader from Google Docs links

1. 2020-10-15 (THURSDAY) - BAZALOADER FROM GOOGLE DOCS LINKS
2.  
3. REFERENCE:
4.  
5. - https://twitter.com/James_inthe_box/status/1316779729299542017
6.  
7. GOOGLE DOCS LINK (CUSTOMER COMPLAINT REPORT):
8.  
9. - hxxps://docs.google[.]com/document/d/e/2PACX-1vTrci79cdf1ueJ1WqwH3L96hJ2i1XVV4Wr4TszuqQINDV_dY9Xk_Ys52Xhj9dpTT0UfftuKDA4SqhNz/pub
10.  
11. LINK TO DOWNLOAD BAZALOADER EXE:
12.  
13. - hxxps://public.3.basecamp[.]com/p/6WvTkPssC6sxWf7qM1jMhLiY/upload/download/Review_Report15-10.exe
14.  
15. BAZALOADER EXE:
16.  
17. - SHA256 hash: ed40a50e33fe55c38c9016d6a81fe28e3574998fc2661fdc68a85bd4e61bbe97
18. - File size: 2,864,312 bytes
19. - File name: Review_Report15-10.exe
20.  
21. SAMPLE SUBMITTED TO:
22.  
23. - https://app.any.run/tasks/e33ffcb0-351b-4a42-84b3-07e1939e3281
24. - https://capesandbox.com/submit/status/71566/
25. - https://bazaar.abuse.ch/sample/ed40a50e33fe55c38c9016d6a81fe28e3574998fc2661fdc68a85bd4e61bbe97/
26. - https://hybrid-analysis.com/sample/ed40a50e33fe55c38c9016d6a81fe28e3574998fc2661fdc68a85bd4e61bbe97
27.  
28. HTTPS INFECTION TRAFFIC (FROM ANY.RUN ANALYSIS):
29.  
30. - 54.245.74[.]151 port 443 - titlecs[.]com - HEAD /issues/282
31. - port 443 - microsoft.com - HEAD /maintenance.exe
32. - port 443 - www.microsoft.com - HEAD /maintenance.exe
33. - 54.245.74[.]151 port 443 - titlecs[.]com - GET /issues/284
34. - 18.188.194[.]80 port 443 - labelcs[.]com - GET /428d99134799a8bd0cba2a3977e4e8c5/4
35. - 18.188.194[.]80 port 443 - labelcs[.]com - POST /428d99134799a8bd0cba2a3977e4e8c5/4
36. - 18.188.194[.]80 port 443 - labelcs[.]com - POST /428d99134799a8bd0cba2a3977e4e8c5/4
37. - 18.188.194[.]80 port 443 - labelcs[.]com - GET /428d99134799a8bd0cba2a3977e4e8c5/2