d0a4ab1f0e390d232ff3790f6569f31915fbdab40f2b6d1813f8ffbdc83c3b9f

General

Target: d0a4ab1f0e390d232ff3790f6569f31915fbdab40f2b6d1813f8ffbdc83c3b9f
Size: 97KB
Sample: 220419-ctt5xabde7
Score: 10/10
MD5: 644f833fce3d075c4a0cc44cdc59e0fd
SHA1: 2aa95fa0d93a1a678e0bd891bdb5f990ab930a83
SHA256: d0a4ab1f0e390d232ff3790f6569f31915fbdab40f2b6d1813f8ffbdc83c3b9f
SHA512: 3c2ab610126b750e6cb7d49fce723b157cc6da80fa20477c68d7e0de06b35f319352940faff43c37afbb1214f54e8482ca4837571a7d610a746d04e538bb86c0

Malware Config

Targets

Target: d0a4ab1f0e390d232ff3790f6569f31915fbdab40f2b6d1813f8ffbdc83c3b9f
MD5: 644f833fce3d075c4a0cc44cdc59e0fd
Filesize: 97KB
Score: 8/10
SHA1: 2aa95fa0d93a1a678e0bd891bdb5f990ab930a83
SHA256: d0a4ab1f0e390d232ff3790f6569f31915fbdab40f2b6d1813f8ffbdc83c3b9f
SHA512: 3c2ab610126b750e6cb7d49fce723b157cc6da80fa20477c68d7e0de06b35f319352940faff43c37afbb1214f54e8482ca4837571a7d610a746d04e538bb86c0

Signatures

  • Blocklisted process makes network request

  • Tries to connect to .bazar domain

    Description: Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

  • Unexpected DNS network traffic destination

    Description: Network traffic to servers other than the configured DNS servers was detected on the DNS port.

Related Tasks

MITRE ATT&CK Matrix

Tactic columns (no techniques populated): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

  • static1: 10/10
  • behavioral1: 8/10
  • behavioral2: 8/10