General

  • Target

    20600d884b5e7d9d8f040ffb88a9ec4248e10dde4d9d49a559f80484e1e1b309

  • Size

    391KB

  • Sample

    201011-zldvag1fa2

  • MD5

    1e45d2c90541608526cbce3ea399af74

  • SHA1

    d3ca2ad3d6cf4c97f9922391d7a8830da3d51b2f

  • SHA256

    20600d884b5e7d9d8f040ffb88a9ec4248e10dde4d9d49a559f80484e1e1b309

  • SHA512

    ee4aa6274f547d3f2e672a3fe0438a48b284824b6fad4d19cbaec51e78bb34111da40a392118b12e4ef93db18e73b8d4950f3e98f1ef9084af19bb423fe52323

Score
10/10

Malware Config

Targets

    Score
    10/10
    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

    • Blacklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks