General
-
Target
a0d0cfa8bf0bc5b8f769d8b64eab22d308b108dd8a4d59872946d69c3f8c58a5
-
Size
226KB
-
Sample
220220-egcffagde7
-
MD5
8371ab023e4eb1f385926ad619d109b4
-
SHA1
2626c4c76b62f8a93a6629e020f32d0e07508268
-
SHA256
a0d0cfa8bf0bc5b8f769d8b64eab22d308b108dd8a4d59872946d69c3f8c58a5
-
SHA512
277637bce38e6c8859117e818410338a2509c103b6cb766771c8902fe6bd5bda5f769b6b48bef2c5b1b5b821912a95e6097abeb24d24a155e5c685b611c4e810
Malware Config
Targets
-
-
Target
a0d0cfa8bf0bc5b8f769d8b64eab22d308b108dd8a4d59872946d69c3f8c58a5
-
Size
226KB
-
MD5
8371ab023e4eb1f385926ad619d109b4
-
SHA1
2626c4c76b62f8a93a6629e020f32d0e07508268
-
SHA256
a0d0cfa8bf0bc5b8f769d8b64eab22d308b108dd8a4d59872946d69c3f8c58a5
-
SHA512
277637bce38e6c8859117e818410338a2509c103b6cb766771c8902fe6bd5bda5f769b6b48bef2c5b1b5b821912a95e6097abeb24d24a155e5c685b611c4e810
Score10/10-
BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
-
Tries to connect to .bazar domain
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-