General
-
Target
b2ecd207b38890a16653912d8003844c
-
Size
426KB
-
Sample
231227-rn9ezaffc8
-
MD5
b2ecd207b38890a16653912d8003844c
-
SHA1
e164c354fc691aa34ad400a772c994d3292f07b9
-
SHA256
fadb58b40ce2cbf2af1ded0c0b3c91354b761796ef8d9d8d48a4e64e4a543dba
-
SHA512
6487ad80e5a5cb276b3576d585ba277b41fa36868f642b88efab70c381cac45255f18f6b445cf473a0378fd5a7e9e5d4f748e2b08a50058728d71b98a69bcafd
-
SSDEEP
6144:ubT9YZt0qelf5iAWHqwbV8nr4Sjeom/ewvE4qHMi3NqvAC60qqU3PW6EF0is21jB:jY+x8nry1tvE4K0qY6Euu1jaiuo
Malware Config
Targets
-
-
Target
b2ecd207b38890a16653912d8003844c
-
Size
426KB
-
MD5
b2ecd207b38890a16653912d8003844c
-
SHA1
e164c354fc691aa34ad400a772c994d3292f07b9
-
SHA256
fadb58b40ce2cbf2af1ded0c0b3c91354b761796ef8d9d8d48a4e64e4a543dba
-
SHA512
6487ad80e5a5cb276b3576d585ba277b41fa36868f642b88efab70c381cac45255f18f6b445cf473a0378fd5a7e9e5d4f748e2b08a50058728d71b98a69bcafd
-
SSDEEP
6144:ubT9YZt0qelf5iAWHqwbV8nr4Sjeom/ewvE4qHMi3NqvAC60qqU3PW6EF0is21jB:jY+x8nry1tvE4K0qY6Euu1jaiuo
Score10/10-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Bazar/Team9 Loader payload
-
Blocklisted process makes network request
-
Tries to connect to .bazar domain
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-