General

  • Target

    38e91adac9a33b3ebb6a0fc54c4f893b

  • Size

    476KB

  • Sample

    231231-q9zl8abeg8

  • MD5

    38e91adac9a33b3ebb6a0fc54c4f893b

  • SHA1

    62265ccd164a4606a8447ad79e04bdae2ba2c318

  • SHA256

    1e093803d9fa80bbf214b426b573a2114d2a2a931fe58eb39256e5d0461de849

  • SHA512

    740af3f6c290bd6af90443de69e4edbcaa8d7050ddafcaa197f2c90c152786429da82a8143b40da2dfb2a0ae7beb6590865c115dcc3d19ed53e311405331811b

  • SSDEEP

    12288:0FFMfdUxknJ9H+EVCevvH06JBXTFb5KFYOSXM65LsnUFMJnanMnY:20Ego6JPlzz

Malware Config

Targets

    • Target

      38e91adac9a33b3ebb6a0fc54c4f893b

    • Size

      476KB

    • MD5

      38e91adac9a33b3ebb6a0fc54c4f893b

    • SHA1

      62265ccd164a4606a8447ad79e04bdae2ba2c318

    • SHA256

      1e093803d9fa80bbf214b426b573a2114d2a2a931fe58eb39256e5d0461de849

    • SHA512

      740af3f6c290bd6af90443de69e4edbcaa8d7050ddafcaa197f2c90c152786429da82a8143b40da2dfb2a0ae7beb6590865c115dcc3d19ed53e311405331811b

    • SSDEEP

      12288:0FFMfdUxknJ9H+EVCevvH06JBXTFb5KFYOSXM65LsnUFMJnanMnY:20Ego6JPlzz

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Bazar/Team9 Loader payload

    • Tries to connect to .bazar domain

      Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

MITRE ATT&CK Matrix

Tasks