General
Target: 8f552e9ca2bedd90ce9935a665758d5de2e86b6fda32d98918534a8a5881f91a
Size: 194KB
Sample: 220220-e91nqshgfm
MD5: 3176c4a2755ae00f4fffe079608c7b25
SHA1: 907e4c2f6c59b66b5ffa55bdde18f9c39c542fc8
SHA256: 8f552e9ca2bedd90ce9935a665758d5de2e86b6fda32d98918534a8a5881f91a
SHA512: 96b3c53debd0c6e4294003fb08092313008a3d788b7df7df91a6d0fbf25fab83f9ec2abd2acaca645252d9f09f069c1d12a2d61d33782ec607fd8683bafbe957
Static task: static1
Behavioral task: behavioral1
Sample: 8f552e9ca2bedd90ce9935a665758d5de2e86b6fda32d98918534a8a5881f91a.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 8f552e9ca2bedd90ce9935a665758d5de2e86b6fda32d98918534a8a5881f91a.exe
Resource: win10v2004-en-20220113
Malware Config
Targets
Target: 8f552e9ca2bedd90ce9935a665758d5de2e86b6fda32d98918534a8a5881f91a
BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
suricata: ET MALWARE Observed Malicious DNS Query (BazarLoader/Team9 Backdoor CnC Domain)
suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
Tries to connect to .bazar domain
Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.