bazarbackdoor | 1e0f0349d312393bee045538542709b0186c3bee16c1dae91b01f46f4b3b2e57 | Triage

Analysis

max time kernel
150s
max time network
151s
platform
windows10_x64
resource
win10v20201028
submitted
14-11-2020 18:08

Sharing

Report Analysis Logs

General

Target

1e0f0349d312393bee045538542709b0186c3bee16c1dae91b01f46f4b3b2e57.exe
Size

243KB
MD5

a01724a2fe6b05ddaf48847614d2a0a5
SHA1

c72ce454ff58e06e82393924fc1f382688020b76
SHA256

1e0f0349d312393bee045538542709b0186c3bee16c1dae91b01f46f4b3b2e57
SHA512

076a4da695ff848298438ee97f4911e99d4366b0a728d6a9283473eb2ca4d1aa659f6b19206a95cce0613f97874e3bda3bc62089e4a583f8ad672437aa17b823

Score

10^/10

bazarbackdoor backdoor

Malware Config

Signatures

BazarBackdoor 1 IoCs
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
backdoor bazarbackdoor

Processes:

description flow ioc

HTTP URL 17 https://45.148.120.173/6ea5901ae1272735f9e012d6c17ecc4d/4

Looks up external IP address via web service 5 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

description	flow	ioc
HTTP URL	26	https://api.opennicproject.org/geoip/
HTTP URL	99	https://api.opennicproject.org/geoip/
HTTP URL	170	https://api.opennicproject.org/geoip/
HTTP URL	241	https://api.opennicproject.org/geoip/
HTTP URL	312	https://api.opennicproject.org/geoip/

C:\Users\Admin\AppData\Local\Temp\1e0f0349d312393bee045538542709b0186c3bee16c1dae91b01f46f4b3b2e57.exe
"C:\Users\Admin\AppData\Local\Temp\1e0f0349d312393bee045538542709b0186c3bee16c1dae91b01f46f4b3b2e57.exe"
1⤵
PID:412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...