c45e01b4a06640be506fafb3ea3daaa648f2f728e152b1896ba920a902c90d16

General

Target: c45e01b4a06640be506fafb3ea3daaa648f2f728e152b1896ba920a902c90d16
Size: 245KB
Sample: 220521-eszecacger
Score: 10/10
MD5: 44bcd26f9a5bdffaec1458ae3ac05e5d
SHA1: 5f2ac141932304ca6fd4252d19b54b7ac0769252
SHA256: c45e01b4a06640be506fafb3ea3daaa648f2f728e152b1896ba920a902c90d16
SHA512: a6dade5b186371af34db8fce5d278895b4cf3f10f7fe0617ab01315cb67efeca2d20425c24689078ff7e1aefd63a3f11b24ca39ea89d928c1e3bd6f34dc4e115

Signatures

  • Bazar Loader

    Description

    Detected loader normally used to deploy BazarBackdoor malware.

  • Executes dropped EXE

  • Tries to connect to .bazar domain

    Description

    Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others. The .bazar zone is a blockchain-based top-level domain (Emercoin EmerDNS) that ordinary recursive resolvers do not serve, so a query for any .bazar name in DNS or proxy logs is a high-confidence indicator even when the lookup itself fails.

  • Loads dropped DLL
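The three behavioural signatures above (executes dropped EXE, loads dropped DLL, queries a .bazar domain) are simple enough to re-implement over a sandbox event stream. The block below is an added example written for this page, not tria.ge's signature code; the event format, the file paths, the PIDs and the hostname `forgame.bazar` are all constructed for the demonstration. It generalises the last signature slightly by treating every EmerDNS zone (.bazar, .coin, .emc, .lib) as the same indicator, since none of them resolve through normal DNS.

```python
"""Toy evaluation of the three behavioural signatures listed in the report.

Added example: the event schema and all sample data below are constructed
for illustration and are not taken from the sandbox or the sample itself.
"""
from typing import Dict, List, Tuple

# EmerDNS (Emercoin blockchain DNS) zones. ".bazar" is the one BazarBackdoor
# is known for; the others are the remaining zones of the same system and are
# equally unresolvable through ordinary recursive DNS.
BLOCKCHAIN_TLDS = {"bazar", "coin", "emc", "lib"}

Event = Dict[str, object]
Hit = Tuple[str, str]  # (signature name, evidence)

# Constructed sample event stream in the order a sandbox would record it:
# the loader writes two files, runs the EXE, the EXE loads the DLL, then the
# EXE queries a .bazar name and a benign name.
SAMPLE_EVENTS: List[Event] = [
    {"type": "process_create", "pid": 100, "parent": 4,
     "image": r"C:\Users\victim\loader.exe"},
    {"type": "file_write", "pid": 100,
     "path": r"C:\Users\victim\AppData\Local\Temp\stage2.exe"},
    {"type": "file_write", "pid": 100,
     "path": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"type": "process_create", "pid": 200, "parent": 100,
     "image": r"C:\Users\victim\AppData\Local\Temp\STAGE2.EXE"},
    {"type": "image_load", "pid": 200,
     "image": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"type": "image_load", "pid": 200,
     "image": r"C:\Windows\System32\kernel32.dll"},
    {"type": "dns_query", "pid": 200, "query": "forgame.bazar."},
    {"type": "dns_query", "pid": 200, "query": "www.microsoft.com"},
]


def _norm(path: str) -> str:
    """Normalise a Windows path for comparison (case-insensitive, backslashes)."""
    return path.replace("/", "\\").lower()


def tld_of(name: str) -> str:
    """Return the last label of a DNS name, lower-cased, ignoring a trailing dot."""
    return name.rstrip(".").rsplit(".", 1)[-1].lower()


def evaluate(events: List[Event]) -> List[Hit]:
    """Replay the event stream and return every signature hit with its evidence."""
    dropped = set()  # every path some sandboxed process has written so far
    hits: List[Hit] = []
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            dropped.add(_norm(ev["path"]))
        elif kind == "process_create" and _norm(ev["image"]) in dropped:
            # A process whose image was written earlier in this run.
            hits.append(("Executes dropped EXE", ev["image"]))
        elif kind == "image_load" and _norm(ev["image"]) in dropped:
            # A module mapped from a file written earlier in this run;
            # system DLLs such as kernel32.dll are never in `dropped`.
            hits.append(("Loads dropped DLL", ev["image"]))
        elif kind == "dns_query":
            tld = tld_of(ev["query"])
            if tld in BLOCKCHAIN_TLDS:
                # Fires on the lookup alone: the resolver will normally
                # answer NXDOMAIN, and that is still the indicator.
                hits.append((f"Tries to connect to .{tld} domain", ev["query"]))
    return hits


def signature_names(hits: List[Hit]) -> List[str]:
    """Distinct signature names from a hit list, sorted for stable reporting."""
    return sorted({name for name, _ in hits})


if __name__ == "__main__":
    for name, evidence in evaluate(SAMPLE_EVENTS):
        print(f"{name}: {evidence}")
```

The ordering matters: `dropped` is only ever consulted for events that come after the write, so a process started from a pre-existing path, or a DLL that was on disk before the run, does not fire. Matching paths case-insensitively is deliberate, since the sandbox may log the same file with different casing across event sources.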

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation (tactic headers only; no techniques are listed).

Tasks

static1
behavioral1: 10/10
behavioral2: 8/10