General

  • Target

    Print_Preview.exe

  • Size

    569KB

  • Sample

    200915-3mq9s8lcxn

  • MD5

    951acc18e4f14471f49235327e0c1ccc

  • SHA1

    7fbe0b3af47957234f3fe22ae9de37ea7416c573

  • SHA256

    09557d538aee094d168a4b4fb5174d742fe81dd59dd27e2eee078fb3f10d9017

  • SHA512

    779b99299928b64eb777cec3c92364e1e7bb30f6192a88773d2521c6dc3a5000062a26418069819e4590b85d717041553aed214dc4ac68fa74825f6b565e25f7

Malware Config

Targets

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

    • Bazar/Team9 Backdoor payload

    • Tries to connect to .bazar domain

      Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks