bazarloader | f351b6bef91b600954f23402eddc68deb0e2e2d3b6099a7250bc54ba3a2aff3e | Triage

Submit
Reports

Overview

overview

Static

static

f351b6bef9...3e.exe

windows7_x64

8

f351b6bef9...3e.exe

windows10-2004_x64

8

Sharing

General

Target

f351b6bef91b600954f23402eddc68deb0e2e2d3b6099a7250bc54ba3a2aff3e
Size

231KB
Sample

220327-b4degagbdk
MD5

ebba0a18ecb946c45f60a14be223c7d4
SHA1

cfbb5280e97aa589c3fa46ae2bc77c9523eba46a
SHA256

f351b6bef91b600954f23402eddc68deb0e2e2d3b6099a7250bc54ba3a2aff3e
SHA512

71dea8c205883df79b154c1586e4be0fa9b784ae6d47a8718f9b09cc4b803e26b20f5ebc396376dfc1848a2e261e805b84c2d70ee1a8ccd5a234141715850f4a

Score

10^/10

bazarloader

Static task

static1

Behavioral task

behavioral1

Sample

f351b6bef91b600954f23402eddc68deb0e2e2d3b6099a7250bc54ba3a2aff3e.exe

Resource

win7-20220331-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f351b6bef91b600954f23402eddc68deb0e2e2d3b6099a7250bc54ba3a2aff3e.exe

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  f351b6bef91b600954f23402eddc68deb0e2e2d3b6099a7250bc54ba3a2aff3e
- Size
  
  231KB
- MD5
  
  ebba0a18ecb946c45f60a14be223c7d4
- SHA1
  
  cfbb5280e97aa589c3fa46ae2bc77c9523eba46a
- SHA256
  
  f351b6bef91b600954f23402eddc68deb0e2e2d3b6099a7250bc54ba3a2aff3e
- SHA512
  
  71dea8c205883df79b154c1586e4be0fa9b784ae6d47a8718f9b09cc4b803e26b20f5ebc396376dfc1848a2e261e805b84c2d70ee1a8ccd5a234141715850f4a
Score

8^/10
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy