General

  • Target

    d0a4ab1f0e390d232ff3790f6569f31915fbdab40f2b6d1813f8ffbdc83c3b9f

  • Size

    97KB

  • Sample

    220419-ctt5xabde7

  • MD5

    644f833fce3d075c4a0cc44cdc59e0fd

  • SHA1

    2aa95fa0d93a1a678e0bd891bdb5f990ab930a83

  • SHA256

    d0a4ab1f0e390d232ff3790f6569f31915fbdab40f2b6d1813f8ffbdc83c3b9f

  • SHA512

    3c2ab610126b750e6cb7d49fce723b157cc6da80fa20477c68d7e0de06b35f319352940faff43c37afbb1214f54e8482ca4837571a7d610a746d04e538bb86c0

Score
10/10

Targets

    • Target

      d0a4ab1f0e390d232ff3790f6569f31915fbdab40f2b6d1813f8ffbdc83c3b9f

    • Size

      97KB

    • MD5

      644f833fce3d075c4a0cc44cdc59e0fd

    • SHA1

      2aa95fa0d93a1a678e0bd891bdb5f990ab930a83

    • SHA256

      d0a4ab1f0e390d232ff3790f6569f31915fbdab40f2b6d1813f8ffbdc83c3b9f

    • SHA512

      3c2ab610126b750e6cb7d49fce723b157cc6da80fa20477c68d7e0de06b35f319352940faff43c37afbb1214f54e8482ca4837571a7d610a746d04e538bb86c0

    Score
    8/10

    • Blocklisted process makes network request


    • Tries to connect to .bazar domain

      Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.
