General
Target: 59f13b3b1a968e0118de887c7dc82386a817b346a5fdd08c038861a0b25f0044
Size: 331KB
Sample: 220309-b23lkscaf3
MD5: b6c64766199ecc6fda6eaf6406dee9ba
SHA1: 3a104b152049653091b50b1c12689f14ec89229a
SHA256: 59f13b3b1a968e0118de887c7dc82386a817b346a5fdd08c038861a0b25f0044
SHA512: e9a58f29138be746337729d909ded3bed02deea1b35b0d2a517dfe87fb6b540dbf00f313a3ff02acc6bcfe5a14aab1f376935cfdee0c0b2313d1c58d30dc6b50
Static task: static1
Behavioral task: behavioral1
  Sample: 59f13b3b1a968e0118de887c7dc82386a817b346a5fdd08c038861a0b25f0044.exe
  Resource: win7-20220223-en
Behavioral task: behavioral2
  Sample: 59f13b3b1a968e0118de887c7dc82386a817b346a5fdd08c038861a0b25f0044.exe
  Resource: win10v2004-en-20220112
Malware Config
Targets
Target: 59f13b3b1a968e0118de887c7dc82386a817b346a5fdd08c038861a0b25f0044
Score: 10/10

BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

Tries to connect to .bazar domain
Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.