General

  • Target

    Report10-13.exe

  • Size

    2.1MB

  • Sample

    201013-gv3pz85lf6

  • MD5

    e94a676012fde240328e1ecc967c190b

  • SHA1

    55fbc6c53b379c42a49f155809b76350526aec8f

  • SHA256

    f5d920482e18df058cc0848a4e96d06af5322c05b3b61d3cf05800ab345d3edf

  • SHA512

    525d9b293c3486e4ea69b9cac819399d54fd0fe5b94b0f87266ee4331bd7f530d7e0068a13c27bad942d5c05086f38439d376122cdefb59e8ec8e5cdd3711178

Targets

    • Target

      Report10-13.exe

    • Size

      2.1MB

    • MD5

      e94a676012fde240328e1ecc967c190b

    • SHA1

      55fbc6c53b379c42a49f155809b76350526aec8f

    • SHA256

      f5d920482e18df058cc0848a4e96d06af5322c05b3b61d3cf05800ab345d3edf

    • SHA512

      525d9b293c3486e4ea69b9cac819399d54fd0fe5b94b0f87266ee4331bd7f530d7e0068a13c27bad942d5c05086f38439d376122cdefb59e8ec8e5cdd3711178

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

    • Bazar/Team9 Backdoor payload

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext
