bazarbackdoor | dbe15556f3ead1477d262e504d1e9c63346ef7f4b368eaa7f9b9ec41ee24a91b | Triage

Analysis

max time kernel
150s
max time network
149s
platform
windows10_x64
resource
win10v20201028
submitted
08-11-2020 14:07

Sharing

Report Analysis Logs

General

Target

dbe15556f3ead1477d262e504d1e9c63346ef7f4b368eaa7f9b9ec41ee24a91b.exe
Size

138KB
MD5

f8a6a57565e96f36ad837adbc5e134b9
SHA1

f3a749602f84db021888f2c4dda1d2221697c9b0
SHA256

dbe15556f3ead1477d262e504d1e9c63346ef7f4b368eaa7f9b9ec41ee24a91b
SHA512

bebbddf4143faadd2f40377bde2bd3044b30132dcea6b47b791db6a98e5af431205243652d6bf51a3d08e5a59421c09aef03978eaa34e4dcba0390a787b2e588

Score

10^/10

bazarbackdoor backdoor

Malware Config

Signatures

BazarBackdoor 2 IoCs

Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

backdoor bazarbackdoor

Processes:

description	flow	ioc
HTTP URL	23	https://178.170.221.111/0145982651951962705622347565991739006783/2
HTTP URL	24	https://164.68.120.60/0145982651951962705622347565991739006783/2

Tries to connect to .bazar domain 64 IoCs

Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

Processes:

flow	ioc
252	ddehimdeghio.bazar
304	ddegkmdeggko.bazar
311	ddegkmdeggko.bazar
185	bdegjkbeggjm.bazar
260	ddehimdeghio.bazar
280	ddehimdeghio.bazar
299	ddehimdeghio.bazar
119	dcegjlddggjn.bazar
132	dcegjlddggjn.bazar
215	bdegjkbeggjm.bazar
130	dcegjlddggjn.bazar
165	bdegjkbeggjm.bazar
169	bdegjkbeggjm.bazar
188	bdegjkbeggjm.bazar
287	ddehimdeghio.bazar
181	bdegjkbeggjm.bazar
296	ddehimdeghio.bazar
325	ddegkmdeggko.bazar
160	dcegjlddggjn.bazar
236	ddehimdeghio.bazar
272	ddehimdeghio.bazar
317	ddegkmdeggko.bazar
222	bdegjkbeggjm.bazar
243	ddehimdeghio.bazar
168	bdegjkbeggjm.bazar
125	dcegjlddggjn.bazar
136	dcegjlddggjn.bazar
207	bdegjkbeggjm.bazar
244	ddehimdeghio.bazar
269	ddehimdeghio.bazar
276	ddehimdeghio.bazar
291	ddehimdeghio.bazar
313	ddegkmdeggko.bazar
163	bdegjkbeggjm.bazar
213	bdegjkbeggjm.bazar
216	bdegjkbeggjm.bazar
107	dcegjlddggjn.bazar
112	dcegjlddggjn.bazar
161	dcegjlddggjn.bazar
167	bdegjkbeggjm.bazar
170	bdegjkbeggjm.bazar
309	ddegkmdeggko.bazar
321	ddegkmdeggko.bazar
121	dcegjlddggjn.bazar
248	ddehimdeghio.bazar
173	bdegjkbeggjm.bazar
118	dcegjlddggjn.bazar
134	dcegjlddggjn.bazar
138	dcegjlddggjn.bazar
145	dcegjlddggjn.bazar
157	dcegjlddggjn.bazar
262	ddehimdeghio.bazar
323	ddegkmdeggko.bazar
98	dcegjlddggjn.bazar
148	dcegjlddggjn.bazar
192	bdegjkbeggjm.bazar
259	ddehimdeghio.bazar
104	dcegjlddggjn.bazar
195	bdegjkbeggjm.bazar
266	ddehimdeghio.bazar
283	ddehimdeghio.bazar
310	ddegkmdeggko.bazar
144	dcegjlddggjn.bazar
290	ddehimdeghio.bazar

C:\Users\Admin\AppData\Local\Temp\dbe15556f3ead1477d262e504d1e9c63346ef7f4b368eaa7f9b9ec41ee24a91b.exe
"C:\Users\Admin\AppData\Local\Temp\dbe15556f3ead1477d262e504d1e9c63346ef7f4b368eaa7f9b9ec41ee24a91b.exe"
1⤵
PID:2484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...