bazarbackdoor | 8ef176944e54df85db028979ceb66b2b6e807b1615f4254c273d4b433caec0dd | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

dl2.exe

windows7-x64

dl2.exe

windows10-2004-x64

Resubmissions

01/11/2024, 12:33 UTC

241101-pradyaypdv 10

27/10/2024, 23:08 UTC

241027-24hmasskhj 10

20/10/2024, 16:28 UTC

241020-tyzdvsxgqb 3

20/10/2024, 16:26 UTC

241020-tx2gtszekk 3

02/10/2024, 11:53 UTC

241002-n2j6fsycqb 3

13/09/2024, 04:59 UTC

240913-fmwxpswcpb 3

11/09/2024, 15:54 UTC

240911-tcmg6sygmm 3

11/09/2024, 15:53 UTC

240911-tbsmsszbnh 10

25/08/2024, 22:53 UTC

240825-2t6als1gll 10

Sharing

General

Target

230823-139hyshd3w_pw_infected.zip
Size

472KB
Sample

240820-1tc4dsyhkk
MD5

e3af7d1463d266e02cd03ea7a3add2e4
SHA1

6456c0de00c86db5e7d061fbf7e19792d3dbbc4a
SHA256

8ef176944e54df85db028979ceb66b2b6e807b1615f4254c273d4b433caec0dd
SHA512

855e4ba5316a800113f6f410d37ba7e981c0f72bb23664c26e464777f2a0a96d8f651e77189af89e70be9d032a3a1b7b40b005bd60b9f6dc792c7588b3a8d9bb
SSDEEP

12288:ABgmK1z0D2TuzS4cu2LH6WhBO8RiKrDmlPPoSdERZIhp4TWo3:2BKqSt4AH6Whc2fqPoSdEDRWo3

Score

10^/10

bazarbackdoor backdoor discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dl2.exe

Resource

win7-20240705-en

bazarbackdoor backdoor

windows7-x64

4 signatures

1800 seconds

Behavioral task

behavioral2

Sample

dl2.exe

Resource

win10v2004-20240802-en

bazarbackdoor backdoor discovery

windows10-2004-x64

5 signatures

1800 seconds

Malware Config

Targets

- Target
  
  dl2.exe
- Size
  
  849KB
- MD5
  
  c2055b7fbaa041d9f68b9d5df9b45edd
- SHA1
  
  e4bd443bd4ce9029290dcd4bb47cb1a01f3b1b06
- SHA256
  
  342f04c4720590c40d24078d46d9b19d8175565f0af460598171d58f5ffc48f3
- SHA512
  
  18905b75938b8af9468b1aa3ffbae796a139c2762e623aa6ffb9ec2b293dd04aa1f90d1ed5a7dbda7853795a3688e368121a134c7f63e527a8e5e7679301a1dc
- SSDEEP
  
  12288:A3RY3yNqMRTF4q2rxHn2ot/81xpNQyjUXlmoe7ufjHAtjXD7r2:A3RY3R24q+xn/8Xp2yOl5fzQ/2
Score

10^/10

bazarbackdoor backdoor discovery
- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
  backdoor bazarbackdoor
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bazarbackdoorbackdoor

behavioral2

bazarbackdoorbackdoordiscovery

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.