A BazarLoader DGA that Breaks Down in the Summer
Tags
Common Information
| Type | Value |
|---|---|
| UUID | c3f56494-c951-4d17-8eae-74e17a1b30ea |
| Fingerprint | a218a6f94ed1f7f0 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | July 13, 2021, midnight |
| Added to db | Aug. 31, 2024, 12:10 a.m. |
| Last updated | Nov. 16, 2024, 11:18 a.m. |
| Headline | A BazarLoader DGA that Breaks Down in the Summer |
| Title | A BazarLoader DGA that Breaks Down in the Summer |
| Detected Hints/Tags/Attributes | 38/1/15 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 19 | ✔ | Binary Reverse Engineering Blog | https://bin.re/feed.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | generic.ml |
|
| Details | Domain | 1 | backdoor.win64.bazdor.ax |
|
| Details | Domain | 1 | behaveslike.win64.trojan.ch |
|
| Details | Domain | 46 | datetime.now |
|
| Details | Domain | 5 | args.date |
|
| Details | File | 1 | 5f11f2db1295fa419b190bd7478d9b23.dll |
|
| Details | File | 3 | p.idx |
|
| Details | File | 6 | args.dat |
|
| Details | md5 | 1 | 5f11f2db1295fa419b190bd7478d9b23 |
|
| Details | md5 | 1 | 7c64ea7c4a229414b6048d18ab0836fd |
|
| Details | sha1 | 1 | 96d6c37fa0046a8dc1c520249dc94122e0fb3f52 |
|
| Details | sha1 | 1 | f10621be9bfee0152931f7790c2cbff022611f62 |
|
| Details | sha256 | 1 | 86d2aa04988befc74eccca5d99550f67093969b31aafa11cdce3476a4c59ba74 |
|
| Details | sha256 | 1 | d15dbfb7ef0511556a3527cc98d09145a56302bdd19a6083ee6d007af3352434 |
|
| Details | Yara rule | 1 | rule BazarDGA {
strings:
$bazar_tld = { 2E [4-12] 62 [4-12] 61 [4-12] 7A [4-12] 61 [4-12] 72 }
condition:
$bazar_tld
} |