bazarbackdoor | 4c0b10f54e62d48405351342ebf4a11ae449ac6377d091827d5a177c0e0f9719

Analysis

max time kernel
150s
max time network
157s
platform
windows7_x64
resource
win7-20220414-en
submitted
02-05-2022 11:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c0b10f54e62d48405351342ebf4a11ae449ac6377d091827d5a177c0e0f9719.exe
Size

116KB
MD5

7de28d47c6f1dbe38f892253ff530208
SHA1

019cd9232cb9df9109142f78fa5a7eaf91e5c549
SHA256

4c0b10f54e62d48405351342ebf4a11ae449ac6377d091827d5a177c0e0f9719
SHA512

5da4e8e9e3e101291551b6c0570ce14b7c7be37a4b87a897dc11d0ed250b12df78fec4aed86c0203a9f35c0acba9b72e5d81eea01565c4287dbd3265b4f31c42

Score

10^/10

bazarbackdoor backdoor

Malware Config

Signatures

BazarBackdoor 1 IoCs
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
backdoor bazarbackdoor

Processes:

description flow ioc

HTTP URL 16 https://shophoof.com/0336306285936423193596666561035540069021/2

description	flow	ioc
HTTP URL	16	https://shophoof.com/0336306285936423193596666561035540069021/2

Unexpected DNS network traffic destination 58 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes:

description	ioc
Destination IP	87.98.175.85
Destination IP	188.165.200.156
Destination IP	87.98.175.85
Destination IP	142.4.205.47
Destination IP	31.171.251.118
Destination IP	46.101.70.183
Destination IP	5.45.97.127
Destination IP	147.135.185.78
Destination IP	185.208.208.141
Destination IP	77.73.68.161
Destination IP	139.99.96.146
Destination IP	217.12.210.54
Destination IP	185.121.177.177
Destination IP	5.132.191.104
Destination IP	158.69.160.164
Destination IP	92.222.97.145
Destination IP	178.17.170.179
Destination IP	51.255.211.146
Destination IP	192.99.85.244
Destination IP	144.76.133.38
Destination IP	51.255.48.78
Destination IP	169.239.202.202
Destination IP	130.255.78.223
Destination IP	89.18.27.167
Destination IP	104.37.195.178
Destination IP	45.71.112.70
Destination IP	159.89.249.249
Destination IP	82.196.9.45
Destination IP	91.217.137.37
Destination IP	192.52.166.110
Destination IP	111.67.20.8
Destination IP	139.59.208.246
Destination IP	5.135.183.146
Destination IP	91.217.137.37
Destination IP	185.117.154.144
Destination IP	163.53.248.170
Destination IP	142.4.204.111
Destination IP	63.231.92.27
Destination IP	46.28.207.199
Destination IP	82.141.39.32
Destination IP	158.69.239.167
Destination IP	172.104.136.243
Destination IP	104.238.186.189
Destination IP	212.24.98.54
Destination IP	146.185.176.36
Destination IP	198.251.90.143
Destination IP	81.2.241.148
Destination IP	139.59.23.241
Destination IP	193.183.98.66
Destination IP	163.172.185.51
Destination IP	94.177.171.127
Destination IP	51.254.25.115
Destination IP	193.183.98.66
Destination IP	89.35.39.64
Destination IP	50.3.82.215
Destination IP	176.126.70.119
Destination IP	45.63.124.65
Destination IP	185.164.136.225

C:\Users\Admin\AppData\Local\Temp\4c0b10f54e62d48405351342ebf4a11ae449ac6377d091827d5a177c0e0f9719.exe
"C:\Users\Admin\AppData\Local\Temp\4c0b10f54e62d48405351342ebf4a11ae449ac6377d091827d5a177c0e0f9719.exe"
1⤵
PID:860

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads