e390ab08f852845fccc07d234a96f51fcb23a95a4fa872a22b48afa0cbb0941e

Target

Size

379KB

Sample

200910-c8x1yrxskj

Score

10 ^/10

MD5

9f00d78f2e8e4523773a264f85be1c02

SHA1

3c542144a7a03134060bd666206a106bcea95e5a

SHA256

e390ab08f852845fccc07d234a96f51fcb23a95a4fa872a22b48afa0cbb0941e

SHA512

5760967703d0702d4c855b75c895a2432c809ca8f945f2a80914f21b3c8129c4bbf155bac4bb5fa6b03e868b3d33cfbe1b3321a7b438741cd62d1c3323d38928

Target

e390ab08f852845fccc07d234a96f51fcb23a95a4fa872a22b48afa0cbb0941e

MD5

9f00d78f2e8e4523773a264f85be1c02

Filesize

379KB

Score

10 ^/10

SHA1

3c542144a7a03134060bd666206a106bcea95e5a

SHA256

e390ab08f852845fccc07d234a96f51fcb23a95a4fa872a22b48afa0cbb0941e

SHA512

5760967703d0702d4c855b75c895a2432c809ca8f945f2a80914f21b3c8129c4bbf155bac4bb5fa6b03e868b3d33cfbe1b3321a7b438741cd62d1c3323d38928

Signatures

Bazar Loader

Description

Detected loader normally used to deploy BazarBackdoor malware.

Tags

loader dropper bazarloader
BazarBackdoor

Description

Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

Tags

backdoor bazarbackdoor
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application

Tags

persistence

TTPs

Registry Run Keys / Startup Folder Modify Registry
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

static1

behavioral1

persistence loader dropper bazarloader backdoor bazarbackdoor

10^/10

behavioral2

persistence loader dropper bazarloader backdoor bazarbackdoor

10^/10

Tags

Signatures

Bazar Loader

Description

Tags

BazarBackdoor

Description

Tags

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Tags

TTPs

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2