General

  • Target

    8c08b6c27c8e596e2721e5c0a2db31ff728f640da1583ae4020cc966621dd7f8

  • Size

    116KB

  • Sample

    220502-nsfrnsehcj

  • MD5

    275b51360e89636c56f6a4ca34350a85

  • SHA1

    1fd28c50c3b15d45c474593671a48f47a61ed577

  • SHA256

    8c08b6c27c8e596e2721e5c0a2db31ff728f640da1583ae4020cc966621dd7f8

  • SHA512

    53d8af211b5d5ff61eafade7bb2fbdd8f43f4b329fe006462a887c603c71c0ea1f97738b786e7969f4608370a4dfac895c83307bb063fdcbcca851c20fe17d02

Targets

    • Target

      8c08b6c27c8e596e2721e5c0a2db31ff728f640da1583ae4020cc966621dd7f8

    Score
    10/10
    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

    • Tries to connect to .bazar domain

      Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.
