General

  • Target

    57e8ac3aec87c298a240dc0853747dd5.exe

  • Size

    274KB

  • Sample

    210409-r94df3qcy2

  • MD5

    57e8ac3aec87c298a240dc0853747dd5

  • SHA1

    02477a72571cdc7f83fa10d78873aebf7377df43

  • SHA256

    0fb0c5adab8984099449d207c2513cdd18d62d795e761cf4d3a70df6b2a0973b

  • SHA512

    778a284e0cfc62bbe954e5c635cc04766948dedd87d7ea14b8755bc0d43caf14fdbaed3148e17e09b7549dc31ee09768dac71db2bf8132e95ffc1e203bdbedf1

Malware Config

Targets

    • Target

      57e8ac3aec87c298a240dc0853747dd5.exe

    • Size

      274KB

    • MD5

      57e8ac3aec87c298a240dc0853747dd5

    • SHA1

      02477a72571cdc7f83fa10d78873aebf7377df43

    • SHA256

      0fb0c5adab8984099449d207c2513cdd18d62d795e761cf4d3a70df6b2a0973b

    • SHA512

      778a284e0cfc62bbe954e5c635cc04766948dedd87d7ea14b8755bc0d43caf14fdbaed3148e17e09b7549dc31ee09768dac71db2bf8132e95ffc1e203bdbedf1

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Bazar/Team9 Loader payload

    • Tries to connect to .bazar domain

      Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Tasks