bazarbackdoor | 3d95f3c7593fbd2ec871df09b32358bfbb7c524622beb5caa37d80e6a8d1f42b | Triage

Analysis

max time kernel
150s
max time network
148s
platform
windows10_x64
resource
win10v20201028
submitted
14-11-2020 17:56

Sharing

Report Analysis Logs

General

Target

3d95f3c7593fbd2ec871df09b32358bfbb7c524622beb5caa37d80e6a8d1f42b.exe
Size

243KB
MD5

31bd4a09f38d46045b1499e91366593a
SHA1

9facaa27daed9e7974963cb98638008c6b1d9c70
SHA256

3d95f3c7593fbd2ec871df09b32358bfbb7c524622beb5caa37d80e6a8d1f42b
SHA512

a6b5c7d4509c81dc8231fb9476789b3d956dc93936f826ee852897fe71c7e438dccdffdd08e79161c4147918241f9518dc6b335d2ce3044ac8b956dabb31b7d9

Score

10^/10

bazarbackdoor backdoor

Malware Config

Signatures

BazarBackdoor 1 IoCs
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
backdoor bazarbackdoor

Processes:

description flow ioc

HTTP URL 17 https://45.148.120.173/6ea5901ae1272735f9e012d6c17ecc4d/4

Looks up external IP address via web service 4 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

description	flow	ioc
HTTP URL	99	https://api.opennicproject.org/geoip/
HTTP URL	171	https://api.opennicproject.org/geoip/
HTTP URL	242	https://api.opennicproject.org/geoip/
HTTP URL	26	https://api.opennicproject.org/geoip/

C:\Users\Admin\AppData\Local\Temp\3d95f3c7593fbd2ec871df09b32358bfbb7c524622beb5caa37d80e6a8d1f42b.exe
"C:\Users\Admin\AppData\Local\Temp\3d95f3c7593fbd2ec871df09b32358bfbb7c524622beb5caa37d80e6a8d1f42b.exe"
1⤵
PID:3984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...