General
-
Target
3fe61d87c9454554b0ce9101f95e18abad8ac6c62dcc88dc651ddfb20568e060
-
Size
193KB
-
Sample
220220-j1fz7abdfl
-
MD5
c166858685bf0db063121601af5cf46e
-
SHA1
dae542dab856c85ce3352374aa01814ea5494b5e
-
SHA256
3fe61d87c9454554b0ce9101f95e18abad8ac6c62dcc88dc651ddfb20568e060
-
SHA512
494e0f3eecba708a557d01e34b40b645eb65ec2cc537f6f5d1c09d0654653ca9de33c14f9b7816d4354a37587ebd6e91f8a10e7cec1b102a1baedae107b1f72d
Malware Config
Targets
-
-
Target
3fe61d87c9454554b0ce9101f95e18abad8ac6c62dcc88dc651ddfb20568e060
-
Size
193KB
-
MD5
c166858685bf0db063121601af5cf46e
-
SHA1
dae542dab856c85ce3352374aa01814ea5494b5e
-
SHA256
3fe61d87c9454554b0ce9101f95e18abad8ac6c62dcc88dc651ddfb20568e060
-
SHA512
494e0f3eecba708a557d01e34b40b645eb65ec2cc537f6f5d1c09d0654653ca9de33c14f9b7816d4354a37587ebd6e91f8a10e7cec1b102a1baedae107b1f72d
Score10/10-
BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
-
suricata: ET MALWARE BAZAR CnC Domain in DNS Lookup
suricata: ET MALWARE BAZAR CnC Domain in DNS Lookup
-
Tries to connect to .bazar domain
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-