Analysis

max time kernel: 150s
max time network: 148s
platform: windows10_x64
resource: win10v20201028
submitted: 14-11-2020 17:56

Static task: static1

Behavioral task: behavioral1
Sample: 3d95f3c7593fbd2ec871df09b32358bfbb7c524622beb5caa37d80e6a8d1f42b.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: 3d95f3c7593fbd2ec871df09b32358bfbb7c524622beb5caa37d80e6a8d1f42b.exe
Resource: win10v20201028

General

Target: 3d95f3c7593fbd2ec871df09b32358bfbb7c524622beb5caa37d80e6a8d1f42b.exe
Size: 243KB
MD5: 31bd4a09f38d46045b1499e91366593a
SHA1: 9facaa27daed9e7974963cb98638008c6b1d9c70
SHA256: 3d95f3c7593fbd2ec871df09b32358bfbb7c524622beb5caa37d80e6a8d1f42b
SHA512: a6b5c7d4509c81dc8231fb9476789b3d956dc93936f826ee852897fe71c7e438dccdffdd08e79161c4147918241f9518dc6b335d2ce3044ac8b956dabb31b7d9

Malware Config

Signatures

BazarBackdoor (1 IoC)
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
Processes:
description   flow   ioc
HTTP URL      17     https://45.148.120.173/6ea5901ae1272735f9e012d6c17ecc4d/4

Looks up external IP address via web service (4 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
description   flow   ioc
HTTP URL      99     https://api.opennicproject.org/geoip/
HTTP URL      171    https://api.opennicproject.org/geoip/
HTTP URL      242    https://api.opennicproject.org/geoip/
HTTP URL      26     https://api.opennicproject.org/geoip/