Analysis
max time kernel: 600s
max time network: 601s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 26-10-2022 21:56
Behavioral task: behavioral1
Sample: c55f8979995df82555d66f6b197b0fbcb8fe30b431ff9760deae6927a584b9e3.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: c55f8979995df82555d66f6b197b0fbcb8fe30b431ff9760deae6927a584b9e3.exe
Resource: win10v2004-20220901-en
General
Target: c55f8979995df82555d66f6b197b0fbcb8fe30b431ff9760deae6927a584b9e3.exe
Size: 2.9MB
MD5: b3b2333fa8195ad7003b6b3624ec7271
SHA1: da702e36ccf5519831fec27904571c09cb1c200f
SHA256: c55f8979995df82555d66f6b197b0fbcb8fe30b431ff9760deae6927a584b9e3
SHA512: 1df2210c4a30176aa03baae8b2145fedf65c50b41f49fcd050727339303f4ef56acc814d47ea429cb39b2c863e9f8dea5063ee23cfb98a7285f6cb3d315d2e53
SSDEEP: 6144:pMjYlrdBoHRDl02h/1uO5/hlK7wDQhhJYaQ:pMjUdBoHRD/lg4/PlDEfYa
Malware Config
Signatures

BazarBackdoor (64 IoCs)
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
Processes:
flow  ioc
135   portgame.bazar
208   newgame.bazar
258   thegame.bazar
4     newgame.bazar
8     newgame.bazar
87    thegame.bazar
78    thegame.bazar
11    newgame.bazar
189   newgame.bazar
235   newgame.bazar
80    thegame.bazar
121   portgame.bazar
142   portgame.bazar
197   newgame.bazar
216   newgame.bazar
76    thegame.bazar
214   newgame.bazar
259   thegame.bazar
77    thegame.bazar
82    thegame.bazar
134   portgame.bazar
178   newgame.bazar
180   newgame.bazar
110   portgame.bazar
124   portgame.bazar
125   portgame.bazar
154   portgame.bazar
52    thegame.bazar
188   newgame.bazar
250   thegame.bazar
97    thegame.bazar
109   portgame.bazar
140   portgame.bazar
203   newgame.bazar
252   thegame.bazar
179   newgame.bazar
49    thegame.bazar
58    thegame.bazar
92    thegame.bazar
146   portgame.bazar
147   portgame.bazar
170   portgame.bazar
263   thegame.bazar
14    newgame.bazar
38    thegame.bazar
47    thegame.bazar
81    thegame.bazar
89    thegame.bazar
222   newgame.bazar
244   newgame.bazar
265   thegame.bazar
3     newgame.bazar
55    thegame.bazar
114   portgame.bazar
123   portgame.bazar
129   portgame.bazar
54    thegame.bazar
83    thegame.bazar
173   portgame.bazar
245   newgame.bazar
16    newgame.bazar
119   portgame.bazar
141   portgame.bazar
193   newgame.bazar
Tries to connect to .bazar domain (64 IoCs)
Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
Processes:
flow  ioc
80    thegame.bazar
241   newgame.bazar
68    thegame.bazar
108   portgame.bazar
139   portgame.bazar
143   portgame.bazar
21    newgame.bazar
105   thegame.bazar
146   portgame.bazar
181   newgame.bazar
195   newgame.bazar
58    thegame.bazar
103   thegame.bazar
162   portgame.bazar
164   portgame.bazar
17    newgame.bazar
30    newgame.bazar
74    thegame.bazar
75    thegame.bazar
165   portgame.bazar
171   portgame.bazar
194   newgame.bazar
16    newgame.bazar
29    newgame.bazar
169   portgame.bazar
200   newgame.bazar
213   newgame.bazar
217   newgame.bazar
53    thegame.bazar
115   portgame.bazar
126   portgame.bazar
161   portgame.bazar
173   portgame.bazar
188   newgame.bazar
248   thegame.bazar
25    newgame.bazar
65    thegame.bazar
163   portgame.bazar
256   thegame.bazar
259   thegame.bazar
81    thegame.bazar
120   portgame.bazar
237   newgame.bazar
45    thegame.bazar
55    thegame.bazar
202   newgame.bazar
230   newgame.bazar
251   thegame.bazar
255   thegame.bazar
219   newgame.bazar
125   portgame.bazar
141   portgame.bazar
207   newgame.bazar
43    thegame.bazar
47    thegame.bazar
184   newgame.bazar
11    newgame.bazar
70    thegame.bazar
85    thegame.bazar
14    newgame.bazar
113   portgame.bazar
160   portgame.bazar
192   newgame.bazar
63    thegame.bazar
Unexpected DNS network traffic destination (64 IoCs)
Network traffic to servers other than the configured DNS servers was detected on the DNS port.
Processes:
description     ioc
Destination IP  139.99.96.146
Destination IP  142.4.204.111
Destination IP  81.2.241.148
Destination IP  45.63.124.65
Destination IP  107.172.42.186
Destination IP  142.4.204.111
Destination IP  77.73.68.161
Destination IP  172.98.193.42
Destination IP  82.196.9.45
Destination IP  87.98.175.85
Destination IP  144.76.133.38
Destination IP  142.4.205.47
Destination IP  142.4.205.47
Destination IP  46.28.207.199
Destination IP  96.47.228.108
Destination IP  91.217.137.37
Destination IP  158.69.160.164
Destination IP  35.196.105.24
Destination IP  142.4.204.111
Destination IP  63.231.92.27
Destination IP  51.254.25.115
Destination IP  163.53.248.170
Destination IP  5.45.97.127
Destination IP  172.104.136.243
Destination IP  139.59.23.241
Destination IP  5.132.191.104
Destination IP  87.98.175.85
Destination IP  87.98.175.85
Destination IP  158.69.239.167
Destination IP  185.121.177.177
Destination IP  163.172.185.51
Destination IP  111.67.20.8
Destination IP  104.37.195.178
Destination IP  50.3.82.215
Destination IP  94.177.171.127
Destination IP  87.98.175.85
Destination IP  81.2.241.148
Destination IP  111.67.20.8
Destination IP  87.98.175.85
Destination IP  45.32.160.206
Destination IP  138.197.25.214
Destination IP  139.59.208.246
Destination IP  193.183.98.66
Destination IP  51.255.48.78
Destination IP  111.67.20.8
Destination IP  158.69.239.167
Destination IP  51.254.25.115
Destination IP  178.17.170.179
Destination IP  77.73.68.161
Destination IP  198.251.90.143
Destination IP  142.4.205.47
Destination IP  45.63.124.65
Destination IP  5.132.191.104
Destination IP  192.99.85.244
Destination IP  138.197.25.214
Destination IP  5.45.97.127
Destination IP  130.255.78.223
Destination IP  167.99.153.82
Destination IP  91.217.137.37
Destination IP  185.121.177.177
Destination IP  128.52.130.209
Destination IP  35.196.105.24
Destination IP  51.255.211.146
Destination IP  51.254.25.115