4c0b10f54e62d48405351342ebf4a11ae449ac6377d091827d5a177c0e0f9719

Target

Size

116KB

Sample

220502-nsgc7sehck

Score

10 ^/10

MD5

7de28d47c6f1dbe38f892253ff530208

SHA1

019cd9232cb9df9109142f78fa5a7eaf91e5c549

SHA256

4c0b10f54e62d48405351342ebf4a11ae449ac6377d091827d5a177c0e0f9719

SHA512

5da4e8e9e3e101291551b6c0570ce14b7c7be37a4b87a897dc11d0ed250b12df78fec4aed86c0203a9f35c0acba9b72e5d81eea01565c4287dbd3265b4f31c42

Target

4c0b10f54e62d48405351342ebf4a11ae449ac6377d091827d5a177c0e0f9719

MD5

7de28d47c6f1dbe38f892253ff530208

Filesize

116KB

Score

10^/10

SHA1

019cd9232cb9df9109142f78fa5a7eaf91e5c549

SHA256

4c0b10f54e62d48405351342ebf4a11ae449ac6377d091827d5a177c0e0f9719

SHA512

5da4e8e9e3e101291551b6c0570ce14b7c7be37a4b87a897dc11d0ed250b12df78fec4aed86c0203a9f35c0acba9b72e5d81eea01565c4287dbd3265b4f31c42

Signatures

BazarBackdoor
Description

Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
Tags

backdoor bazarbackdoor
Tries to connect to .bazar domain
Description

Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
Unexpected DNS network traffic destination
Description

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

bazarloader

10^/10

behavioral1

bazarbackdoor backdoor

10^/10

behavioral2

bazarbackdoor backdoor

10^/10

Tags

Signatures

BazarBackdoor

Description

Tags

Tries to connect to .bazar domain

Description

Unexpected DNS network traffic destination

Description

Related Tasks

static1

behavioral1

behavioral2