Analysis
max time kernel: 153s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-en-20220113
submitted: 27-03-2022 01:41

Static task: static1

Behavioral task: behavioral1
Sample: f351b6bef91b600954f23402eddc68deb0e2e2d3b6099a7250bc54ba3a2aff3e.exe
Resource: win7-20220331-en

Behavioral task: behavioral2
Sample: f351b6bef91b600954f23402eddc68deb0e2e2d3b6099a7250bc54ba3a2aff3e.exe
Resource: win10v2004-en-20220113
General
Target: f351b6bef91b600954f23402eddc68deb0e2e2d3b6099a7250bc54ba3a2aff3e.exe
Size: 231KB
MD5: ebba0a18ecb946c45f60a14be223c7d4
SHA1: cfbb5280e97aa589c3fa46ae2bc77c9523eba46a
SHA256: f351b6bef91b600954f23402eddc68deb0e2e2d3b6099a7250bc54ba3a2aff3e
SHA512: 71dea8c205883df79b154c1586e4be0fa9b784ae6d47a8718f9b09cc4b803e26b20f5ebc396376dfc1848a2e261e805b84c2d70ee1a8ccd5a234141715850f4a
Malware Config
Signatures
Tries to connect to .bazar domain (64 IoCs)
Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
Processes:
flow  ioc
584   aeeijlamgijp.bazar
376   dceijmdkgijq.bazar
403   bdehjkblghjo.bazar
498   dceijldkgijp.bazar
640   adggjkaligjo.bazar
311   ceggjkcmigjo.bazar
452   aefgjlamhgjp.bazar
637   bchgjlbkjgjp.bazar
338   afehjlanghjp.bazar
383   dceijmdkgijq.bazar
570   cefikkcmhiko.bazar
615   bchgjlbkjgjp.bazar
110   bdegjkblggjo.bazar
213   bdfgilblhgip.bazar
267   dfegkkdnggko.bazar
343   afehjlanghjp.bazar
370   dceijmdkgijq.bazar
525   cefhjmcmhhjq.bazar
612   bchgjlbkjgjp.bazar
123   bdegjkblggjo.bazar
251   dfegkkdnggko.bazar
282   afeiilangiip.bazar
186   bdfgilblhgip.bazar
202   bdfgilblhgip.bazar
199   bdfgilblhgip.bazar
332   ceggjkcmigjo.bazar
278   afeiilangiip.bazar
647   adggjkaligjo.bazar
152   ddehimdlghiq.bazar
212   bdfgilblhgip.bazar
221   aegijmamiijq.bazar
517   cefhjmcmhhjq.bazar
553   cefikkcmhiko.bazar
96    bdegjkblggjo.bazar
159   ddegkmdlggkq.bazar
501   dceijldkgijp.bazar
485   dceijldkgijp.bazar
575   cefikkcmhiko.bazar
638   bchgjlbkjgjp.bazar
170   ddegkmdlggkq.bazar
309   ceggjkcmigjo.bazar
392   dceijmdkgijq.bazar
348   afehjlanghjp.bazar
430   aefgjlamhgjp.bazar
454   aefgjlamhgjp.bazar
550   cefikkcmhiko.bazar
588   aeeijlamgijp.bazar
177   ddegkmdlggkq.bazar
310   ceggjkcmigjo.bazar
331   ceggjkcmigjo.bazar
613   bchgjlbkjgjp.bazar
182   ddegkmdlggkq.bazar
266   dfegkkdnggko.bazar
543   cefhjmcmhhjq.bazar
232   aegijmamiijq.bazar
300   afeiilangiip.bazar
609   bchgjlbkjgjp.bazar
210   bdfgilblhgip.bazar
360   afehjlanghjp.bazar
149   ddehimdlghiq.bazar
195   bdfgilblhgip.bazar
233   aegijmamiijq.bazar
529   cefhjmcmhhjq.bazar
542   cefhjmcmhhjq.bazar
Unexpected DNS network traffic destination (64 IoCs)
Network traffic to servers other than the configured DNS servers was detected on the DNS port.
Processes:
description     ioc
Destination IP  208.67.220.220
Destination IP  51.255.211.146
Destination IP  147.135.185.78
Destination IP  89.35.39.64
Destination IP  147.135.185.78
Destination IP  163.172.185.51
Destination IP  142.4.204.111
Destination IP  162.248.241.94
Destination IP  167.99.153.82
Destination IP  142.4.205.47
Destination IP  45.32.160.206
Destination IP  185.164.136.225
Destination IP  45.32.160.206
Destination IP  172.104.136.243
Destination IP  172.98.193.42
Destination IP  163.172.185.51
Destination IP  142.4.204.111
Destination IP  185.121.177.177
Destination IP  94.177.171.127
Destination IP  5.45.97.127
Destination IP  89.35.39.64
Destination IP  147.135.185.78
Destination IP  77.73.68.161
Destination IP  5.135.183.146
Destination IP  82.141.39.32
Destination IP  185.121.177.177
Destination IP  5.45.97.127
Destination IP  96.47.228.108
Destination IP  176.126.70.119
Destination IP  82.141.39.32
Destination IP  172.104.136.243
Destination IP  94.177.171.127
Destination IP  51.255.211.146
Destination IP  35.196.105.24
Destination IP  139.59.23.241
Destination IP  162.248.241.94
Destination IP  208.67.220.220
Destination IP  63.231.92.27
Destination IP  45.63.124.65
Destination IP  217.12.210.54
Destination IP  45.63.124.65
Destination IP  162.248.241.94
Destination IP  185.121.177.177
Destination IP  63.231.92.27
Destination IP  142.4.205.47
Destination IP  5.45.97.127
Destination IP  185.164.136.225
Destination IP  185.164.136.225
Destination IP  147.135.185.78
Destination IP  162.248.241.94
Destination IP  167.99.153.82
Destination IP  162.248.241.94
Destination IP  82.141.39.32
Destination IP  94.177.171.127
Destination IP  142.4.204.111
Destination IP  45.32.160.206
Destination IP  51.255.211.146
Destination IP  142.4.204.111
Destination IP  77.73.68.161
Destination IP  147.135.185.78
Destination IP  192.99.85.244
Destination IP  172.104.136.243
Destination IP  139.59.23.241
Destination IP  45.32.160.206