Analysis
max time kernel: 150s
max time network: 151s
platform: windows10_x64
resource: win10v20201028
submitted: 14-11-2020 18:08
Static task: static1
Behavioral task: behavioral1
  Sample: 1e0f0349d312393bee045538542709b0186c3bee16c1dae91b01f46f4b3b2e57.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: 1e0f0349d312393bee045538542709b0186c3bee16c1dae91b01f46f4b3b2e57.exe
  Resource: win10v20201028
General
Target: 1e0f0349d312393bee045538542709b0186c3bee16c1dae91b01f46f4b3b2e57.exe
Size: 243KB
MD5: a01724a2fe6b05ddaf48847614d2a0a5
SHA1: c72ce454ff58e06e82393924fc1f382688020b76
SHA256: 1e0f0349d312393bee045538542709b0186c3bee16c1dae91b01f46f4b3b2e57
SHA512: 076a4da695ff848298438ee97f4911e99d4366b0a728d6a9283473eb2ca4d1aa659f6b19206a95cce0613f97874e3bda3bc62089e4a583f8ad672437aa17b823
Malware Config
Signatures
BazarBackdoor (1 IoC)
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
Processes:
  description   flow   ioc
  HTTP URL      17     https://45.148.120.173/6ea5901ae1272735f9e012d6c17ecc4d/4
Looks up external IP address via web service (5 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
  description   flow   ioc
  HTTP URL      26     https://api.opennicproject.org/geoip/
  HTTP URL      99     https://api.opennicproject.org/geoip/
  HTTP URL      170    https://api.opennicproject.org/geoip/
  HTTP URL      241    https://api.opennicproject.org/geoip/
  HTTP URL      312    https://api.opennicproject.org/geoip/