General

  • Target

    3720-130-0x0000000180000000-0x000000018003C000-memory.dmp

  • Size

    240KB

  • Sample

    220701-mrtrgaecf7

  • MD5

    05b27f22a4b2032dca2a5ef094f56029

  • SHA1

    9461229aa031a96970cbbd61a4758fdba39486a3

  • SHA256

    2bff52522f826e4f419c5e0b9cfce2c7495335c52fb91bfc104c860968868956

  • SHA512

    fab9ced7265de408a7216deb72f9be5734332b483d2be4158cdac3063abe77a0149955f43a044a74d6c7363b5b34989a1c4af8d2e888d25a9579c3eba1961ee6

Score
10/10

Malware Config

Targets

    • Target

      3720-130-0x0000000180000000-0x000000018003C000-memory.dmp

    Score
    8/10
    • Blocklisted process makes network request

    • Tries to connect to .bazar domain

      Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Install Root Certificate: T1130 (1)

  • Modify Registry: T1112 (1)

Tasks