General

  • Target

    f3c6d7309f00cc7009bea4be6128f0af2ea6b87ab7a687d14092f85ccd35c1f5

  • Size

    194KB

  • Sample

    220220-any6kaehc9

  • MD5

    f990e4d13ae695e2f7a86c64919c53d7

  • SHA1

    9aa56f1dea9f3fffe5e585c645a44b3d911f8b9d

  • SHA256

    f3c6d7309f00cc7009bea4be6128f0af2ea6b87ab7a687d14092f85ccd35c1f5

  • SHA512

    b8f476a97abbdaf002fa80e67c78cdc8e43faedfc4d603557ad634eed371608bc1c7bcdb91580f0d5c68b419d32c65de1913193bef8158b01e529f71f5c5c186

Score
10/10

Targets

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

    • Tries to connect to .bazar domain

      Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
