Description
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
d0a4ab1f0e390d232ff3790f6569f31915fbdab40f2b6d1813f8ffbdc83c3b9f
General
Target
Size
Sample
d0a4ab1f0e390d232ff3790f6569f31915fbdab40f2b6d1813f8ffbdc83c3b9f
97KB
220419-ctt5xabde7
Score
10 /10
MD5
SHA1
SHA256
SHA512
644f833fce3d075c4a0cc44cdc59e0fd
2aa95fa0d93a1a678e0bd891bdb5f990ab930a83
d0a4ab1f0e390d232ff3790f6569f31915fbdab40f2b6d1813f8ffbdc83c3b9f
3c2ab610126b750e6cb7d49fce723b157cc6da80fa20477c68d7e0de06b35f319352940faff43c37afbb1214f54e8482ca4837571a7d610a746d04e538bb86c0
Malware Config
Targets
Target
MD5
Filesize
d0a4ab1f0e390d232ff3790f6569f31915fbdab40f2b6d1813f8ffbdc83c3b9f
644f833fce3d075c4a0cc44cdc59e0fd
97KB
Score
8/10
SHA1
SHA256
SHA512
2aa95fa0d93a1a678e0bd891bdb5f990ab930a83
d0a4ab1f0e390d232ff3790f6569f31915fbdab40f2b6d1813f8ffbdc83c3b9f
3c2ab610126b750e6cb7d49fce723b157cc6da80fa20477c68d7e0de06b35f319352940faff43c37afbb1214f54e8482ca4837571a7d610a746d04e538bb86c0
Signatures
-
Blocklisted process makes network request
-
Tries to connect to .bazar domain
-
Unexpected DNS network traffic destination
Description
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks