General

  • Target

    28b313f8a09e2512039b0e5bbfb67af2aee9b461bac9e0a455dbd409b7b621e3

  • Size

    5.7MB

  • Sample

    220508-t2pntscch3

  • MD5

    ba54c9285faa654d9071fa8d2b3a0a84

  • SHA1

    cdb4676ba2cf3cc21c3d7db315552756b4966b45

  • SHA256

    28b313f8a09e2512039b0e5bbfb67af2aee9b461bac9e0a455dbd409b7b621e3

  • SHA512

    1e726e61fd552e8970c0cc66e13d519fdadb9b6becfdd67788cd131ec0172a174a67e9d9c43aad9f5563684a68b74d1f30aee69869abb6d95ae8a68d10b0ae6d

Malware Config

Targets

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Bazar/Team9 Loader payload

    • Tries to connect to .bazar domain

      Attempts to look up or connect to a .bazar domain, a TLD used by BazarBackdoor, Trickbot, and potentially other malware families.

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

MITRE ATT&CK Matrix

Tasks