61968c8debeae1e415a485c0b4d79b46

General
Target

61968c8debeae1e415a485c0b4d79b46

Size

285KB

Sample

210401-sdp73sx59a

Score
10 /10
MD5

61968c8debeae1e415a485c0b4d79b46

SHA1

59dd3058a18f6fe59a3951c6f119aaf89d52e30f

SHA256

65b652b99cd7ed6bd82bd0f258b03a483e0da9f3314b67fe9728eca76c3d59a2

SHA512

15ceac84b2a148eab343f2b7efdee863cf1d97c623592e52c02772d3e498e4c3fae4d8432c21a86dfa66c122e783d71e833218483e05e06016da56432434863e

Malware Config
Targets
Target

61968c8debeae1e415a485c0b4d79b46

MD5

61968c8debeae1e415a485c0b4d79b46

Filesize

285KB

Score
10 /10
SHA1

59dd3058a18f6fe59a3951c6f119aaf89d52e30f

SHA256

65b652b99cd7ed6bd82bd0f258b03a483e0da9f3314b67fe9728eca76c3d59a2

SHA512

15ceac84b2a148eab343f2b7efdee863cf1d97c623592e52c02772d3e498e4c3fae4d8432c21a86dfa66c122e783d71e833218483e05e06016da56432434863e

Tags

Signatures

  • Bazar Loader

    Description

    Detected loader normally used to deploy BazarBackdoor malware.

    Tags

  • Bazar/Team9 Loader payload

  • Tries to connect to .bazar domain

    Description

    Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10

                          behavioral2

                          10/10