bazarbackdoor | 8ef176944e54df85db028979ceb66b2b6e807b1615f4254c273d4b433caec0dd | Triage

Resubmissions

01-11-2024 12:33

241101-pradyaypdv 10

27-10-2024 23:08

241027-24hmasskhj 10

20-10-2024 16:28

241020-tyzdvsxgqb 3

20-10-2024 16:26

241020-tx2gtszekk 3

02-10-2024 11:53

241002-n2j6fsycqb 3

13-09-2024 04:59

240913-fmwxpswcpb 3

11-09-2024 15:54

240911-tcmg6sygmm 3

11-09-2024 15:53

240911-tbsmsszbnh 10

25-08-2024 22:53

240825-2t6als1gll 10

Sharing

General

Target

230823-139hyshd3w_pw_infected.zip
Size

472KB
Sample

240824-z65thazfpa
MD5

e3af7d1463d266e02cd03ea7a3add2e4
SHA1

6456c0de00c86db5e7d061fbf7e19792d3dbbc4a
SHA256

8ef176944e54df85db028979ceb66b2b6e807b1615f4254c273d4b433caec0dd
SHA512

855e4ba5316a800113f6f410d37ba7e981c0f72bb23664c26e464777f2a0a96d8f651e77189af89e70be9d032a3a1b7b40b005bd60b9f6dc792c7588b3a8d9bb
SSDEEP

12288:ABgmK1z0D2TuzS4cu2LH6WhBO8RiKrDmlPPoSdERZIhp4TWo3:2BKqSt4AH6Whc2fqPoSdEDRWo3

Score

10^/10

bazarbackdoor backdoor discovery

Malware Config

Targets

- Target
  
  dl2.exe
- Size
  
  849KB
- MD5
  
  c2055b7fbaa041d9f68b9d5df9b45edd
- SHA1
  
  e4bd443bd4ce9029290dcd4bb47cb1a01f3b1b06
- SHA256
  
  342f04c4720590c40d24078d46d9b19d8175565f0af460598171d58f5ffc48f3
- SHA512
  
  18905b75938b8af9468b1aa3ffbae796a139c2762e623aa6ffb9ec2b293dd04aa1f90d1ed5a7dbda7853795a3688e368121a134c7f63e527a8e5e7679301a1dc
- SSDEEP
  
  12288:A3RY3yNqMRTF4q2rxHn2ot/81xpNQyjUXlmoe7ufjHAtjXD7r2:A3RY3R24q+xn/8Xp2yOl5fzQ/2
Score

10^/10

bazarbackdoor backdoor discovery
- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
  backdoor bazarbackdoor
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bazarbackdoorbackdoordiscovery