bazarbackdoor | 8f552e9ca2bedd90ce9935a665758d5de2e86b6fda32d98918534a8a5881f91a | Triage

Submit
Reports

Overview

overview

Static

static

8f552e9ca2...1a.exe

windows7_x64

8f552e9ca2...1a.exe

windows10-2004_x64

Sharing

General

Target

8f552e9ca2bedd90ce9935a665758d5de2e86b6fda32d98918534a8a5881f91a
Size

194KB
Sample

220220-e91nqshgfm
MD5

3176c4a2755ae00f4fffe079608c7b25
SHA1

907e4c2f6c59b66b5ffa55bdde18f9c39c542fc8
SHA256

8f552e9ca2bedd90ce9935a665758d5de2e86b6fda32d98918534a8a5881f91a
SHA512

96b3c53debd0c6e4294003fb08092313008a3d788b7df7df91a6d0fbf25fab83f9ec2abd2acaca645252d9f09f069c1d12a2d61d33782ec607fd8683bafbe957

Score

10^/10

bazarbackdoor bazarloader backdoor dropper loader suricata

Static task

static1

Behavioral task

behavioral1

Sample

8f552e9ca2bedd90ce9935a665758d5de2e86b6fda32d98918534a8a5881f91a.exe

Resource

win7-en-20211208

bazarbackdoor bazarloader backdoor dropper loader suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

8f552e9ca2bedd90ce9935a665758d5de2e86b6fda32d98918534a8a5881f91a.exe

Resource

win10v2004-en-20220113

bazarbackdoor bazarloader backdoor dropper loader suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  8f552e9ca2bedd90ce9935a665758d5de2e86b6fda32d98918534a8a5881f91a
- Size
  
  194KB
- MD5
  
  3176c4a2755ae00f4fffe079608c7b25
- SHA1
  
  907e4c2f6c59b66b5ffa55bdde18f9c39c542fc8
- SHA256
  
  8f552e9ca2bedd90ce9935a665758d5de2e86b6fda32d98918534a8a5881f91a
- SHA512
  
  96b3c53debd0c6e4294003fb08092313008a3d788b7df7df91a6d0fbf25fab83f9ec2abd2acaca645252d9f09f069c1d12a2d61d33782ec607fd8683bafbe957
Score

10^/10

bazarbackdoor bazarloader backdoor dropper loader suricata
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
  backdoor bazarbackdoor
- suricata: ET MALWARE Observed Malicious DNS Query (BazarLoader/Team9 Backdoor CnC Domain)
  suricata: ET MALWARE Observed Malicious DNS Query (BazarLoader/Team9 Backdoor CnC Domain)
  suricata
- suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bazarbackdoorbazarloaderbackdoordropperloadersuricata

behavioral2

bazarbackdoorbazarloaderbackdoordropperloadersuricata

© 2018-2024

Terms | Privacy