General
-
Target
b200c43ddc7ed92dddd0cd01ab7a7f785618013b9eaa85aa3da0a377db7d2614
-
Size
461KB
-
Sample
220417-t321jsdge6
-
MD5
6744aa8b25616f7060b34933f29cb215
-
SHA1
86611fb1d7352b73f9206ffaad9d5651afbeb45a
-
SHA256
b200c43ddc7ed92dddd0cd01ab7a7f785618013b9eaa85aa3da0a377db7d2614
-
SHA512
d402aed51a6229b64f151851bffe5b3c5a402e501b4dc3854eb3700d69f6cff8bd9e4647588daa5c31683175ae722f0e9681bbd7498d160a4104a6e360cd4287
Malware Config
Targets
-
-
Target
b200c43ddc7ed92dddd0cd01ab7a7f785618013b9eaa85aa3da0a377db7d2614
-
Size
461KB
-
MD5
6744aa8b25616f7060b34933f29cb215
-
SHA1
86611fb1d7352b73f9206ffaad9d5651afbeb45a
-
SHA256
b200c43ddc7ed92dddd0cd01ab7a7f785618013b9eaa85aa3da0a377db7d2614
-
SHA512
d402aed51a6229b64f151851bffe5b3c5a402e501b4dc3854eb3700d69f6cff8bd9e4647588daa5c31683175ae722f0e9681bbd7498d160a4104a6e360cd4287
Score10/10-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Bazar/Team9 Loader payload
-
Tries to connect to .bazar domain
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-