bazarbackdoor | 59f13b3b1a968e0118de887c7dc82386a817b346a5fdd08c038861a0b25f0044 | Triage

Submit
Reports

Overview

overview

Static

static

59f13b3b1a...44.exe

windows7_x64

59f13b3b1a...44.exe

windows10-2004_x64

Sharing

General

Target

59f13b3b1a968e0118de887c7dc82386a817b346a5fdd08c038861a0b25f0044
Size

331KB
Sample

220309-b23lkscaf3
MD5

b6c64766199ecc6fda6eaf6406dee9ba
SHA1

3a104b152049653091b50b1c12689f14ec89229a
SHA256

59f13b3b1a968e0118de887c7dc82386a817b346a5fdd08c038861a0b25f0044
SHA512

e9a58f29138be746337729d909ded3bed02deea1b35b0d2a517dfe87fb6b540dbf00f313a3ff02acc6bcfe5a14aab1f376935cfdee0c0b2313d1c58d30dc6b50

Score

10^/10

bazarbackdoor bazarloader backdoor dropper loader

Static task

static1

Behavioral task

behavioral1

Sample

59f13b3b1a968e0118de887c7dc82386a817b346a5fdd08c038861a0b25f0044.exe

Resource

win7-20220223-en

bazarbackdoor bazarloader backdoor dropper loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

59f13b3b1a968e0118de887c7dc82386a817b346a5fdd08c038861a0b25f0044.exe

Resource

win10v2004-en-20220112

bazarbackdoor bazarloader backdoor dropper loader

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  59f13b3b1a968e0118de887c7dc82386a817b346a5fdd08c038861a0b25f0044
- Size
  
  331KB
- MD5
  
  b6c64766199ecc6fda6eaf6406dee9ba
- SHA1
  
  3a104b152049653091b50b1c12689f14ec89229a
- SHA256
  
  59f13b3b1a968e0118de887c7dc82386a817b346a5fdd08c038861a0b25f0044
- SHA512
  
  e9a58f29138be746337729d909ded3bed02deea1b35b0d2a517dfe87fb6b540dbf00f313a3ff02acc6bcfe5a14aab1f376935cfdee0c0b2313d1c58d30dc6b50
Score

10^/10

bazarbackdoor bazarloader backdoor dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
  backdoor bazarbackdoor
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bazarbackdoorbazarloaderbackdoordropperloader

behavioral2

bazarbackdoorbazarloaderbackdoordropperloader

© 2018-2024

Terms | Privacy