4324e519c3af337501924823d25274db909e16cc3805de838157737f948ec255

General

Target: 4324e519c3af337501924823d25274db909e16cc3805de838157737f948ec255
Size: 153KB
Sample: 220510-wdqmbsdgg6
Score: 10/10
MD5: 07312275b8a97fc8a4d6024f889f40aa
SHA1: 242df9bf507f11468fe9d40994a6bf34b472817a
SHA256: 4324e519c3af337501924823d25274db909e16cc3805de838157737f948ec255
SHA512: 1bbdd9bc4072468cb11f218e8e2cbef2ae4d64fa75cbca08d5512482e1faecbf4a2c48f1a5dbbb88afc5a99bedcf72bcab1f0f7d64117594757ad6ad52edb80b

Signatures

  • Bazar Loader

    Description: Detected loader normally used to deploy BazarBackdoor malware.

  • Tries to connect to .bazar domain

    Description: Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10