Overview

overview

10

Static

static

10

f4a5fe23e2...ed.exe

windows7-x64

10

f4a5fe23e2...ed.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f4a5fe23e21b6b7d63fa2d2c96a4bc4a34b40fd40a921b237a50a5976fe16001_unpacked

  • Size

    218KB

  • Sample

    221026-1tpr7ahcgk

  • MD5

    fdf79b8921487469919bb95b940899e6

  • SHA1

    b07039a88dabe7ac577a41a931b85e33364250c9

  • SHA256

    f4a5fe23e21b6b7d63fa2d2c96a4bc4a34b40fd40a921b237a50a5976fe16001

  • SHA512

    e843759ca65392ae397b461e5605efa12594895c19e8a951f5621eb9b98dd834af8d9cfa61dda1252bef2bcca898ecf5a53f5363d56284b69b6ab529dec3ac7c

  • SSDEEP

    6144:GoMuDd+j6cjDqcs2WFlNAemtEMb7+Nyh7+zTtLNY5Kb+:GoMGd+j6cjDqmCntm1b7+Y0rY5x

Score
10/10
bazarbackdoorbackdoor

Malware Config

Targets

    • Target

      f4a5fe23e21b6b7d63fa2d2c96a4bc4a34b40fd40a921b237a50a5976fe16001_unpacked

    • Size

      218KB

    • MD5

      fdf79b8921487469919bb95b940899e6

    • SHA1

      b07039a88dabe7ac577a41a931b85e33364250c9

    • SHA256

      f4a5fe23e21b6b7d63fa2d2c96a4bc4a34b40fd40a921b237a50a5976fe16001

    • SHA512

      e843759ca65392ae397b461e5605efa12594895c19e8a951f5621eb9b98dd834af8d9cfa61dda1252bef2bcca898ecf5a53f5363d56284b69b6ab529dec3ac7c

    • SSDEEP

      6144:GoMuDd+j6cjDqcs2WFlNAemtEMb7+Nyh7+zTtLNY5Kb+:GoMGd+j6cjDqmCntm1b7+Y0rY5x

    Score
    10/10
    bazarbackdoorbackdoor

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

      backdoorbazarbackdoor

    • Tries to connect to .bazar domain

      Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks