9a5030ff5c23877a4b426f73dacc684aa11d08723499cf891d998c20ef1a289d

General

Target: 9a5030ff5c23877a4b426f73dacc684aa11d08723499cf891d998c20ef1a289d
Size: 125KB
Sample: 220508-t98rnsffej
Score: 10/10
MD5: a112d432c396de8012e2dfeb982aa241
SHA1: 1b3d8b92d7967637f6fc95dc79a810d6523a60ff
SHA256: 9a5030ff5c23877a4b426f73dacc684aa11d08723499cf891d998c20ef1a289d
SHA512: 6854a42943b9e305c07e3515d721a7097463817ebef412d3f224288677cb6b187c2d8d97d6292dfbcf23f5ea25304c965e700b818205d95d65f73c6bc83372cc

Malware Config

Targets

Target: 9a5030ff5c23877a4b426f73dacc684aa11d08723499cf891d998c20ef1a289d

Signatures

  • Bazar Loader: Detected loader normally used to deploy BazarBackdoor malware.

  • Tries to connect to .bazar domain: Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

Related Tasks

MITRE ATT&CK Matrix: tactic columns Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation (no techniques populated in the report)

Tasks

  • static1
  • behavioral1: 1/10
  • behavioral2: 10/10