bazarbackdoor | 09557d538aee094d168a4b4fb5174d742fe81dd59dd27e2eee078fb3f10d9017 | Triage

Submit
Reports

Overview

overview

Static

static

Print_Preview.exe

windows7_x64

Print_Preview.exe

windows10_x64

Sharing

General

Target

Print_Preview.exe
Size

569KB
Sample

200915-3mq9s8lcxn
MD5

951acc18e4f14471f49235327e0c1ccc
SHA1

7fbe0b3af47957234f3fe22ae9de37ea7416c573
SHA256

09557d538aee094d168a4b4fb5174d742fe81dd59dd27e2eee078fb3f10d9017
SHA512

779b99299928b64eb777cec3c92364e1e7bb30f6192a88773d2521c6dc3a5000062a26418069819e4590b85d717041553aed214dc4ac68fa74825f6b565e25f7

Score

10^/10

bazarbackdoor bazarloader backdoor dropper loader

Static task

static1

Behavioral task

behavioral1

Sample

Print_Preview.exe

Resource

win7v200722

bazarloader dropper loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Print_Preview.exe

Resource

win10v200722

bazarbackdoor backdoor

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Print_Preview.exe
- Size
  
  569KB
- MD5
  
  951acc18e4f14471f49235327e0c1ccc
- SHA1
  
  7fbe0b3af47957234f3fe22ae9de37ea7416c573
- SHA256
  
  09557d538aee094d168a4b4fb5174d742fe81dd59dd27e2eee078fb3f10d9017
- SHA512
  
  779b99299928b64eb777cec3c92364e1e7bb30f6192a88773d2521c6dc3a5000062a26418069819e4590b85d717041553aed214dc4ac68fa74825f6b565e25f7
Score

10^/10

bazarloader dropper loader bazarbackdoor backdoor
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
  backdoor bazarbackdoor
- Bazar/Team9 Backdoor payload
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bazarloaderdropperloader

behavioral2

bazarbackdoorbackdoor

© 2018-2024

Terms | Privacy