bazarbackdoor | c55f8979995df82555d66f6b197b0fbcb8fe30b431ff9760deae6927a584b9e3

Analysis

max time kernel
584s
max time network
598s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
26-10-2022 21:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c55f8979995df82555d66f6b197b0fbcb8fe30b431ff9760deae6927a584b9e3.exe
Size

2.9MB
MD5

b3b2333fa8195ad7003b6b3624ec7271
SHA1

da702e36ccf5519831fec27904571c09cb1c200f
SHA256

c55f8979995df82555d66f6b197b0fbcb8fe30b431ff9760deae6927a584b9e3
SHA512

1df2210c4a30176aa03baae8b2145fedf65c50b41f49fcd050727339303f4ef56acc814d47ea429cb39b2c863e9f8dea5063ee23cfb98a7285f6cb3d315d2e53
SSDEEP

6144:pMjYlrdBoHRDl02h/1uO5/hlK7wDQhhJYaQ:pMjUdBoHRD/lg4/PlDEfYa

Score

10^/10

bazarbackdoor backdoor

Malware Config

Signatures

BazarBackdoor 64 IoCs

Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

backdoor bazarbackdoor

Processes:

flow	ioc
226	portgame.bazar
272	newgame.bazar
750	thegame.bazar
754	thegame.bazar
866	newgame.bazar
958	thegame.bazar
741	thegame.bazar
118	thegame.bazar
174	thegame.bazar
246	newgame.bazar
297	newgame.bazar
357	thegame.bazar
521	newgame.bazar
535	thegame.bazar
984	portgame.bazar
990	portgame.bazar
993	portgame.bazar
311	newgame.bazar
583	thegame.bazar
696	newgame.bazar
761	thegame.bazar
902	newgame.bazar
903	newgame.bazar
941	thegame.bazar
115	thegame.bazar
890	newgame.bazar
988	portgame.bazar
1035	portgame.bazar
216	portgame.bazar
217	portgame.bazar
442	portgame.bazar
670	newgame.bazar
785	portgame.bazar
794	portgame.bazar
922	thegame.bazar
86	newgame.bazar
177	portgame.bazar
243	portgame.bazar
613	portgame.bazar
641	newgame.bazar
260	newgame.bazar
592	thegame.bazar
604	portgame.bazar
612	portgame.bazar
185	portgame.bazar
268	newgame.bazar
474	newgame.bazar
655	newgame.bazar
1028	portgame.bazar
170	thegame.bazar
385	thegame.bazar
646	newgame.bazar
911	newgame.bazar
979	thegame.bazar
1009	portgame.bazar
1031	portgame.bazar
424	portgame.bazar
797	portgame.bazar
39	newgame.bazar
508	newgame.bazar
605	portgame.bazar
616	portgame.bazar
540	thegame.bazar
710	thegame.bazar

Tries to connect to .bazar domain 64 IoCs

Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

Processes:

flow	ioc
633	newgame.bazar
647	newgame.bazar
697	newgame.bazar
967	thegame.bazar
1026	portgame.bazar
230	portgame.bazar
276	newgame.bazar
300	newgame.bazar
1041	portgame.bazar
240	portgame.bazar
297	newgame.bazar
423	portgame.bazar
730	thegame.bazar
823	portgame.bazar
98	newgame.bazar
177	portgame.bazar
645	newgame.bazar
215	portgame.bazar
900	newgame.bazar
939	thegame.bazar
136	thegame.bazar
466	newgame.bazar
863	newgame.bazar
739	thegame.bazar
951	thegame.bazar
424	portgame.bazar
483	newgame.bazar
574	thegame.bazar
927	thegame.bazar
930	thegame.bazar
57	newgame.bazar
168	thegame.bazar
306	newgame.bazar
380	thegame.bazar
559	thegame.bazar
768	thegame.bazar
689	newgame.bazar
787	portgame.bazar
792	portgame.bazar
37	newgame.bazar
301	newgame.bazar
612	portgame.bazar
655	newgame.bazar
127	thegame.bazar
393	portgame.bazar
481	newgame.bazar
840	portgame.bazar
164	thegame.bazar
311	newgame.bazar
836	portgame.bazar
627	portgame.bazar
669	newgame.bazar
750	thegame.bazar
375	thegame.bazar
377	thegame.bazar
587	thegame.bazar
766	thegame.bazar
262	newgame.bazar
449	portgame.bazar
700	newgame.bazar
422	portgame.bazar
891	newgame.bazar
801	portgame.bazar
901	newgame.bazar

Unexpected DNS network traffic destination 64 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes:

description	ioc
Destination IP	82.196.9.45
Destination IP	138.197.25.214
Destination IP	139.59.23.241
Destination IP	81.2.241.148
Destination IP	128.52.130.209
Destination IP	178.17.170.179
Destination IP	91.217.137.37
Destination IP	192.52.166.110
Destination IP	31.171.251.118
Destination IP	185.117.154.144
Destination IP	192.99.85.244
Destination IP	96.47.228.108
Destination IP	82.196.9.45
Destination IP	142.4.204.111
Destination IP	96.47.228.108
Destination IP	50.3.82.215
Destination IP	142.4.205.47
Destination IP	192.52.166.110
Destination IP	198.251.90.143
Destination IP	89.18.27.167
Destination IP	96.47.228.108
Destination IP	92.222.97.145
Destination IP	92.222.97.145
Destination IP	193.183.98.66
Destination IP	5.132.191.104
Destination IP	192.52.166.110
Destination IP	185.164.136.225
Destination IP	5.135.183.146
Destination IP	158.69.239.167
Destination IP	159.89.249.249
Destination IP	5.135.183.146
Destination IP	46.28.207.199
Destination IP	172.104.136.243
Destination IP	193.183.98.66
Destination IP	63.231.92.27
Destination IP	172.104.136.243
Destination IP	46.101.70.183
Destination IP	51.254.25.115
Destination IP	82.141.39.32
Destination IP	139.59.23.241
Destination IP	146.185.176.36
Destination IP	51.255.48.78
Destination IP	144.76.133.38
Destination IP	45.71.112.70
Destination IP	46.28.207.199
Destination IP	51.254.25.115
Destination IP	91.217.137.37
Destination IP	51.254.25.115
Destination IP	193.183.98.66
Destination IP	50.3.82.215
Destination IP	144.76.133.38
Destination IP	146.185.176.36
Destination IP	66.70.211.246
Destination IP	46.28.207.199
Destination IP	81.2.241.148
Destination IP	77.73.68.161
Destination IP	193.183.98.66
Destination IP	158.69.160.164
Destination IP	192.52.166.110
Destination IP	46.28.207.199
Destination IP	89.35.39.64
Destination IP	96.47.228.108
Destination IP	5.132.191.104
Destination IP	163.172.185.51

C:\Users\Admin\AppData\Local\Temp\c55f8979995df82555d66f6b197b0fbcb8fe30b431ff9760deae6927a584b9e3.exe
"C:\Users\Admin\AppData\Local\Temp\c55f8979995df82555d66f6b197b0fbcb8fe30b431ff9760deae6927a584b9e3.exe"
1⤵
PID:1920

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads