bazarbackdoor | a5f51f376a2c7a84ff6220a95302f777e9f234b163bcc886f88fd0c223adeb13 | Triage

Submit
Reports

Overview

overview

Static

static

a5f51f376a...13.exe

windows7_x64

a5f51f376a...13.exe

windows10-2004_x64

Sharing

General

Target

a5f51f376a2c7a84ff6220a95302f777e9f234b163bcc886f88fd0c223adeb13
Size

243KB
Sample

220302-c3j2asdhhn
MD5

6cf7f288325e1e49d6b936b8a8eaff9e
SHA1

2f49f2b04147b91e20966ac82fd64f1f340854a7
SHA256

a5f51f376a2c7a84ff6220a95302f777e9f234b163bcc886f88fd0c223adeb13
SHA512

9152e5437dfea3117d29624929cbfce5ab2dda96838d1236e59c30b5934505a67fc136ebe2586161290d07ef90339355cab78cd6248f8d5e15abf7232d3dcdbd

Score

10^/10

bazarbackdoor bazarloader backdoor dropper loader suricata

Static task

static1

Behavioral task

behavioral1

Sample

a5f51f376a2c7a84ff6220a95302f777e9f234b163bcc886f88fd0c223adeb13.exe

Resource

win7-20220223-en

bazarbackdoor bazarloader backdoor dropper loader suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a5f51f376a2c7a84ff6220a95302f777e9f234b163bcc886f88fd0c223adeb13.exe

Resource

win10v2004-en-20220113

bazarbackdoor bazarloader backdoor dropper loader suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  a5f51f376a2c7a84ff6220a95302f777e9f234b163bcc886f88fd0c223adeb13
- Size
  
  243KB
- MD5
  
  6cf7f288325e1e49d6b936b8a8eaff9e
- SHA1
  
  2f49f2b04147b91e20966ac82fd64f1f340854a7
- SHA256
  
  a5f51f376a2c7a84ff6220a95302f777e9f234b163bcc886f88fd0c223adeb13
- SHA512
  
  9152e5437dfea3117d29624929cbfce5ab2dda96838d1236e59c30b5934505a67fc136ebe2586161290d07ef90339355cab78cd6248f8d5e15abf7232d3dcdbd
Score

10^/10

bazarbackdoor bazarloader backdoor dropper loader suricata
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
  backdoor bazarbackdoor
- suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bazarbackdoorbazarloaderbackdoordropperloadersuricata

behavioral2

bazarbackdoorbazarloaderbackdoordropperloadersuricata

© 2018-2024

Terms | Privacy