General

Target: c0d123fe19013e0f83ca596f0b584f79a90b5b389f512500eba56db382cea165.exe
Filesize: 154KB
Completed: 08-05-2022 17:42
Task: behavioral1
Score: 10/10
MD5: 46c63a1a5969b2021fc95e425667da5f
SHA1: 2847bdb673cec997bbad1e074f36e23da3c4f2a5
SHA256: c0d123fe19013e0f83ca596f0b584f79a90b5b389f512500eba56db382cea165
SHA512: 1a57b1f77d724ad3b812e6845ded4021fd70f93dd1987294b9f1430bdd80d3a632daa41912989e8783aef6eb46159175cbc98c7de4da3a86f9b61ca6e7b8d93d

Malware Config

Signatures (2)
  • Bazar Loader

    Description

    Detected loader normally used to deploy BazarBackdoor malware.

  • Tries to connect to .bazar domain

    Description

    Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

    Reported IOCs

    description | flow | ioc
    HTTP URL    | 9    | https://62.108.35.194/api/v153
Processes (1)
  • C:\Users\Admin\AppData\Local\Temp\c0d123fe19013e0f83ca596f0b584f79a90b5b389f512500eba56db382cea165.exe
    "C:\Users\Admin\AppData\Local\Temp\c0d123fe19013e0f83ca596f0b584f79a90b5b389f512500eba56db382cea165.exe"
    PID:1796
Network
MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation
Downloads
  • memory/1796-54-0x000007FEFBAA1000-0x000007FEFBAA3000-memory.dmp