Resubmissions

27-09-2020 00:33

200927-n2q2v3n43s 6

10-09-2020 08:49

200910-c8x1yrxskj 10

General

  • Target

    e390ab08f852845fccc07d234a96f51fcb23a95a4fa872a22b48afa0cbb0941e

  • Size

    379KB

  • Sample

    200910-c8x1yrxskj

  • MD5

    9f00d78f2e8e4523773a264f85be1c02

  • SHA1

    3c542144a7a03134060bd666206a106bcea95e5a

  • SHA256

    e390ab08f852845fccc07d234a96f51fcb23a95a4fa872a22b48afa0cbb0941e

  • SHA512

    5760967703d0702d4c855b75c895a2432c809ca8f945f2a80914f21b3c8129c4bbf155bac4bb5fa6b03e868b3d33cfbe1b3321a7b438741cd62d1c3323d38928

Malware Config

Targets

    • Target

      e390ab08f852845fccc07d234a96f51fcb23a95a4fa872a22b48afa0cbb0941e

    • Size

      379KB

    • MD5

      9f00d78f2e8e4523773a264f85be1c02

    • SHA1

      3c542144a7a03134060bd666206a106bcea95e5a

    • SHA256

      e390ab08f852845fccc07d234a96f51fcb23a95a4fa872a22b48afa0cbb0941e

    • SHA512

      5760967703d0702d4c855b75c895a2432c809ca8f945f2a80914f21b3c8129c4bbf155bac4bb5fa6b03e868b3d33cfbe1b3321a7b438741cd62d1c3323d38928

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks