General

  • Target

    fabbde554c34e111a975534b714cec911f558ca30f9a4057ebdc25314b3a270f

  • Size

    365KB

  • Sample

    200910-y38gepapq2

  • MD5

    157e256ee99b5ae2eb0b4663ea3bd3ca

  • SHA1

    11b315dab07ab1398962596770d9d26e46770f6a

  • SHA256

    fabbde554c34e111a975534b714cec911f558ca30f9a4057ebdc25314b3a270f

  • SHA512

    1bad7c718c09082853559cac0863a63ae6a8ffb37ae2a31435ed603487f2197384b8ab8c055208d7f58716c3f6cd4942d0d4c0bae1673023cbf18fd49cbe1708

Malware Config

Targets

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

    • Bazar/Team9 Backdoor payload

    • Tries to connect to .bazar domain

      Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

    • Suspicious use of SetThreadContext
