4c0b10f54e62d48405351342ebf4a11ae449ac6377d091827d5a177c0e0f9719

General

Target: 4c0b10f54e62d48405351342ebf4a11ae449ac6377d091827d5a177c0e0f9719
Size: 116KB
Sample: 220502-nsgc7sehck
Score: 10/10
MD5: 7de28d47c6f1dbe38f892253ff530208
SHA1: 019cd9232cb9df9109142f78fa5a7eaf91e5c549
SHA256: 4c0b10f54e62d48405351342ebf4a11ae449ac6377d091827d5a177c0e0f9719
SHA512: 5da4e8e9e3e101291551b6c0570ce14b7c7be37a4b87a897dc11d0ed250b12df78fec4aed86c0203a9f35c0acba9b72e5d81eea01565c4287dbd3265b4f31c42

Signatures

  • BazarBackdoor
    Description: Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

  • Tries to connect to .bazar domain
    Description: Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

  • Unexpected DNS network traffic destination
    Description: Network traffic to servers other than the configured DNS servers was detected on the DNS port.

MITRE ATT&CK Matrix

Tactic columns shown: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation (no techniques listed in this extract)

Tasks

  • static1: 10/10
  • behavioral1: 10/10
  • behavioral2: 10/10