bazarbackdoor | 2972b116d8c69b1bbd8eba7b7fa0e0caedcfe92cab72f8cdbcf92c541e1471ca | Triage

Analysis

max time kernel
132s
max time network
132s
platform
windows10_x64
resource
win10
submitted
26-10-2020 19:46

Sharing

Report Analysis Logs

General

Target

bazabackdoor_10262020.bin.exe
Size

246KB
MD5

0f3dd10cd33e66dc22d25e375fabf1b6
SHA1

d3cbc9d33c878a31133a2d3b2a0306bf666c0d3e
SHA256

2972b116d8c69b1bbd8eba7b7fa0e0caedcfe92cab72f8cdbcf92c541e1471ca
SHA512

75ab97c0ccc5a73c8cc06bf1c3db1379c8922050630dea189b05586b225d271ab7419b3d9cd618e901b1242ba04aa0b4f084741391c636abe9bf121766e3454f

Score

10^/10

backdoor bazarbackdoor

Malware Config

Signatures

BazarBackdoor 4 IoCs

Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

backdoor bazarbackdoor

Processes:

description	flow	ioc
HTTP URL	7	https://lmnab.xyz/52bc95c2c7fb237dde9619460259bd9f/4
HTTP URL	11	https://lmnab.xyz/52bc95c2c7fb237dde9619460259bd9f/4
HTTP URL	14	https://lmnab.xyz/52bc95c2c7fb237dde9619460259bd9f/4
HTTP URL	16	https://lmnab.xyz/52bc95c2c7fb237dde9619460259bd9f/2

C:\Users\Admin\AppData\Local\Temp\bazabackdoor_10262020.bin.exe
"C:\Users\Admin\AppData\Local\Temp\bazabackdoor_10262020.bin.exe"
1⤵
PID:8

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...