Overview

overview

10

Static

static

3

c457e8760b...1a.dll

windows7-x64

10

c457e8760b...1a.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c457e8760ba768b3a9746831c366ac1a

  • Size

    1.2MB

  • Sample

    240312-26gssadf6x

  • MD5

    c457e8760ba768b3a9746831c366ac1a

  • SHA1

    94fec4b344f00e5f890c6c850743c80f98659a72

  • SHA256

    85a19656e73c4a3343b476bc823437a58df84e25a631fb543eb7bf876a9aef31

  • SHA512

    830bdd275b1d929e892ff4e474cde20550b88f82ac59354f40ecb007eebc04492a512044783559020016002bb81665d5162c638934af95d8ad9aa4566d885dbd

  • SSDEEP

    24576:0Wpc+G43nwqthqmmldpXoQ5IyXdLrgvHmrM:8+n3Hthqm9qgkM

Score
10/10
bazarloaderdropperloader

Malware Config

Targets

    • Target

      c457e8760ba768b3a9746831c366ac1a

    • Size

      1.2MB

    • MD5

      c457e8760ba768b3a9746831c366ac1a

    • SHA1

      94fec4b344f00e5f890c6c850743c80f98659a72

    • SHA256

      85a19656e73c4a3343b476bc823437a58df84e25a631fb543eb7bf876a9aef31

    • SHA512

      830bdd275b1d929e892ff4e474cde20550b88f82ac59354f40ecb007eebc04492a512044783559020016002bb81665d5162c638934af95d8ad9aa4566d885dbd

    • SSDEEP

      24576:0Wpc+G43nwqthqmmldpXoQ5IyXdLrgvHmrM:8+n3Hthqm9qgkM

    Score
    10/10
    bazarloaderdropperloader

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

      loaderdropperbazarloader

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Tries to connect to .bazar domain

      Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks