bazarbackdoor | 8ef176944e54df85db028979ceb66b2b6e807b1615f4254c273d4b433caec0dd | Triage

Resubmissions

03-05-2024 20:09

240503-yxg6eahb68 10

26-03-2024 12:19

240326-phb66sch41 3

11-03-2024 19:53

240311-yl4v2acf8z 10

02-03-2024 12:09

240302-pbjyfadb7y 10

12-10-2023 13:44

231012-q1ynkaee78 10

Sharing

General

Target

230823-139hyshd3w_pw_infected.zip
Size

472KB
Sample

240302-pbjyfadb7y
MD5

e3af7d1463d266e02cd03ea7a3add2e4
SHA1

6456c0de00c86db5e7d061fbf7e19792d3dbbc4a
SHA256

8ef176944e54df85db028979ceb66b2b6e807b1615f4254c273d4b433caec0dd
SHA512

855e4ba5316a800113f6f410d37ba7e981c0f72bb23664c26e464777f2a0a96d8f651e77189af89e70be9d032a3a1b7b40b005bd60b9f6dc792c7588b3a8d9bb
SSDEEP

12288:ABgmK1z0D2TuzS4cu2LH6WhBO8RiKrDmlPPoSdERZIhp4TWo3:2BKqSt4AH6Whc2fqPoSdEDRWo3

Score

10^/10

bazarbackdoor backdoor discovery

Malware Config

Targets

- Target
  
  dl2.exe
- Size
  
  849KB
- MD5
  
  c2055b7fbaa041d9f68b9d5df9b45edd
- SHA1
  
  e4bd443bd4ce9029290dcd4bb47cb1a01f3b1b06
- SHA256
  
  342f04c4720590c40d24078d46d9b19d8175565f0af460598171d58f5ffc48f3
- SHA512
  
  18905b75938b8af9468b1aa3ffbae796a139c2762e623aa6ffb9ec2b293dd04aa1f90d1ed5a7dbda7853795a3688e368121a134c7f63e527a8e5e7679301a1dc
- SSDEEP
  
  12288:A3RY3yNqMRTF4q2rxHn2ot/81xpNQyjUXlmoe7ufjHAtjXD7r2:A3RY3R24q+xn/8Xp2yOl5fzQ/2
Score

10^/10

bazarbackdoor backdoor discovery
- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
  backdoor bazarbackdoor
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bazarbackdoorbackdoordiscovery