bazarbackdoor | 1a19ad73601c5636654ea6b3167caba9de1c572ab2632b87ce9d702d0dcacf0b | Triage

Sharing

General

Target

1a19ad73601c5636654ea6b3167caba9de1c572ab2632b87ce9d702d0dcacf0b
Size

580KB
Sample

221026-1tcgvshcc6
MD5

b7d245ea334e2c1818cb757d7ef1f592
SHA1

c7411c8440593fac4b576b3d89504bf94b04ed1d
SHA256

1a19ad73601c5636654ea6b3167caba9de1c572ab2632b87ce9d702d0dcacf0b
SHA512

daf198057de8563b81014619308a405455a2a12b6dd0f9c02042614d10a7c6a4a190f610634089d96b141f710e19fd3627cdfa70f133e4d54078ad6bf3870acb
SSDEEP

6144:OJu7yDrEe9+FHM1sYr0JrU4ev9ZOh2At15jUR2EOjvktrYMZBxQTSAfGKEw:OJvD/Ys1l0JfW9H8C25jvMDZBxQ

Score

10^/10

bazarbackdoor backdoor

Malware Config

Targets

- Target
  
  1a19ad73601c5636654ea6b3167caba9de1c572ab2632b87ce9d702d0dcacf0b
- Size
  
  580KB
- MD5
  
  b7d245ea334e2c1818cb757d7ef1f592
- SHA1
  
  c7411c8440593fac4b576b3d89504bf94b04ed1d
- SHA256
  
  1a19ad73601c5636654ea6b3167caba9de1c572ab2632b87ce9d702d0dcacf0b
- SHA512
  
  daf198057de8563b81014619308a405455a2a12b6dd0f9c02042614d10a7c6a4a190f610634089d96b141f710e19fd3627cdfa70f133e4d54078ad6bf3870acb
- SSDEEP
  
  6144:OJu7yDrEe9+FHM1sYr0JrU4ev9ZOh2At15jUR2EOjvktrYMZBxQTSAfGKEw:OJvD/Ys1l0JfW9H8C25jvMDZBxQ
Score

10^/10

bazarbackdoor backdoor
- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
  backdoor bazarbackdoor
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bazarbackdoorbackdoor

behavioral2

bazarbackdoorbackdoor