General

  • Target

    def6bfcf7cb0b0e3bfdfdf5857e9823fdf133f586a7addd1b76e94c946006b26.bin.sample

  • Size

    206KB

  • Sample

    210928-lqs8wabfaq

  • MD5

    624acfbb640b05a586ecf7e3f8db85d0

  • SHA1

    d08a1af53d0eadb8ae83e61179992d3b5a89c714

  • SHA256

    def6bfcf7cb0b0e3bfdfdf5857e9823fdf133f586a7addd1b76e94c946006b26

  • SHA512

    ff77c06a0929906d9d370bc4925fb576209c80bad2c48f68bf0a4696eece51b585b4abe6d59c12b6f5f3c7bf75195161f0eae86a8284e2e153ef02b7914bf4dc

Malware Config

Targets

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

    • Tries to connect to .bazar domain

      Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks