General

  • Target

    e77e27630277a31276539c379671f54095d6b735f0568a3c457ac6a189c4c5b4

  • Size

    288KB

  • Sample

    221026-1tmmtshcf3

  • MD5

    fdffbfa1380ab1a0ee2e26ff1be432b1

  • SHA1

    5a004286c5b97afd97beec4b1332777c494d6ff1

  • SHA256

    e77e27630277a31276539c379671f54095d6b735f0568a3c457ac6a189c4c5b4

  • SHA512

    36f8b7fafff7a8c23802358de537efe3a3de76d89db212c62ee9ce502c64cad7817c185e1cea8487214745e636c285476a0819f90fa397a29a25f56f3dbc59d9

  • SSDEEP

    6144:5nHYYpyAFUkAVcUtJ9YR7qZmeN9CGSiVMryu1Y5IDfsz:RxpyoUz1Gdom7GSuMrdk

Malware Config

Targets

    • Bazar Loader

      Detected a loader normally used to deploy the BazarBackdoor malware.

    • Tries to connect to .bazar domain

      Attempts to look up or connect to a .bazar domain. .bazar is an EmerDNS (Emercoin blockchain) top-level domain that ordinary ICANN-root resolvers cannot answer; it is used by BazarBackdoor, Trickbot and potentially others because such names cannot be seized through registrar takedowns.

    • Unexpected DNS network traffic destination

      DNS-port (53) traffic to servers other than the system's configured DNS resolvers was detected. Resolving a .bazar name requires a resolver that serves EmerDNS zones rather than the one assigned to the host, so this signature commonly accompanies the one above; on a managed network, port 53 egress to anything but the sanctioned resolvers is a simple and reliable place to alert.
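
As an added example (not part of this report or of any sandbox's own code), the following Python implements the two network signatures above over a few constructed DNS log lines. The resolver address, the tab-separated log layout, the documentation-range addresses and the .bazar name are all assumptions made for the example, not indicators taken from this sample; the extra alt-root TLDs are a generalization beyond the report's .bazar case.

```python
"""Detection logic for the two network signatures in this report, run over
constructed DNS log lines. Everything below (resolver address, log format,
queried names, destination addresses) is assumed for illustration."""
from dataclasses import dataclass
from typing import Iterable

# Assumption: the analysis VM is handed this resolver via DHCP. Any other
# port-53 destination is an "unexpected DNS network traffic destination".
CONFIGURED_RESOLVERS = {"10.0.0.2"}

# Alt-root TLDs that ICANN-root resolvers cannot answer. ".bazar" is the
# EmerDNS zone this report associates with BazarBackdoor and Trickbot; the
# others are further EmerDNS TLDs, added as a generalization of that check.
ALT_ROOT_TLDS = {"bazar", "coin", "emc", "lib"}


@dataclass(frozen=True)
class DnsEvent:
    src: str
    dst: str
    dport: int
    proto: str
    qname: str  # normalized: lower-case, trailing dot removed


def parse_dns_log(text: str) -> list[DnsEvent]:
    """Parse constructed tab-separated lines: ts, src, dst, dport, proto, qname.
    Header/comment lines starting with '#' and blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        _ts, src, dst, dport, proto, qname = line.split("\t")
        events.append(DnsEvent(src, dst, int(dport), proto.lower(),
                               qname.rstrip(".").lower()))
    return events


def tld(qname: str) -> str:
    """Last label of a normalized query name."""
    return qname.rsplit(".", 1)[-1]


def detect(events: Iterable[DnsEvent]) -> list[tuple[str, DnsEvent]]:
    """Return (signature_name, event) pairs. The two checks are independent:
    a .bazar lookup sent to the configured resolver trips only the first, a
    .net lookup sent to an outside resolver trips only the second, and a
    .bazar lookup sent to an outside resolver (the pattern needed to actually
    get an answer for such a name) trips both."""
    hits = []
    for ev in events:
        if ev.dport != 53:
            continue
        if tld(ev.qname) in ALT_ROOT_TLDS:
            hits.append(("alt_root_tld_lookup", ev))
        if ev.dst not in CONFIGURED_RESOLVERS:
            hits.append(("unexpected_dns_destination", ev))
    return hits


def summarize(text: str) -> dict[str, list[str]]:
    """Signature name -> queried names that tripped it, in log order."""
    out: dict[str, list[str]] = {}
    for name, ev in detect(parse_dns_log(text)):
        out.setdefault(name, []).append(ev.qname)
    return out


# Constructed log. 198.51.100.7 and 203.0.113.53 are documentation-range
# addresses standing in for public resolvers; "example-c2.bazar" is a
# placeholder, not an indicator observed in the sample.
SAMPLE_LOG = """\
#fields\tts\tsrc\tdst\tdport\tproto\tqname
1666780000.10\t10.0.0.15\t10.0.0.2\t53\tudp\twww.example.com.
1666780001.52\t10.0.0.15\t198.51.100.7\t53\tudp\tupdate.example.net.
1666780002.31\t10.0.0.15\t203.0.113.53\t53\tudp\texample-c2.bazar.
1666780003.04\t10.0.0.15\t10.0.0.2\t53\ttcp\texample-c2.bazar.
"""

if __name__ == "__main__":
    for sig, names in summarize(SAMPLE_LOG).items():
        print(f"{sig}: {names}")
```

Run against the constructed log, the first line (an ordinary .com lookup to the configured resolver) produces nothing, the second trips only the destination check, the third trips both, and the fourth trips only the TLD check. In a real deployment the resolver set would come from DHCP or the network inventory and the parser would be swapped for the sensor's own schema; the two checks themselves do not change.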

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Install Root Certificate (T1130): 1

  • Modify Registry (T1112): 1

The technique IDs above follow ATT&CK v6. T1130 has since been deprecated and is covered in current ATT&CK releases by T1553.004 (Subvert Trust Controls: Install Root Certificate); T1112 is unchanged.

Tasks