b200c43ddc7ed92dddd0cd01ab7a7f785618013b9eaa85aa3da0a377db7d2614

General

Target: b200c43ddc7ed92dddd0cd01ab7a7f785618013b9eaa85aa3da0a377db7d2614
Size: 461KB
Sample: 220417-t321jsdge6
Score: 10/10
MD5: 6744aa8b25616f7060b34933f29cb215
SHA1: 86611fb1d7352b73f9206ffaad9d5651afbeb45a
SHA256: b200c43ddc7ed92dddd0cd01ab7a7f785618013b9eaa85aa3da0a377db7d2614
SHA512: d402aed51a6229b64f151851bffe5b3c5a402e501b4dc3854eb3700d69f6cff8bd9e4647588daa5c31683175ae722f0e9681bbd7498d160a4104a6e360cd4287


Signatures

  • Bazar Loader
    Description: Detected loader normally used to deploy BazarBackdoor malware.
    Tags: Bazar/Team9 Loader payload

  • Tries to connect to .bazar domain
    Description: Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

  • Unexpected DNS network traffic destination
    Description: Network traffic to servers other than the configured DNS servers was detected on the DNS port.

Tasks

  • static1
  • behavioral1: 10/10
  • behavioral2: 10/10