Overview

overview

10

Static

static

6

f471cbd53a...f5.exe

windows7_x64

10

f471cbd53a...f5.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f471cbd53a52d27053c33c4fd18fe2305f94f947d8cc2275c3506fe74c2f11f5

  • Size

    12.0MB

  • Sample

    201020-nlca4qcy8e

  • MD5

    8c32e44ea7eadbeca921d8e292171556

  • SHA1

    7bbd86dd91e2a43ae6d7a132ac1918875146a40c

  • SHA256

    f471cbd53a52d27053c33c4fd18fe2305f94f947d8cc2275c3506fe74c2f11f5

  • SHA512

    5ab2311c7eb9b2b73450cd3a16d16261990c9c14723fc990daf548a45b3c135761613b4b9f612c93083d8f7fcecc46ba8665e197eaebdc914426d38d074ba0f2

Score
10/10
bazarbackdoorbackdoor

Malware Config

Targets

    • Target

      f471cbd53a52d27053c33c4fd18fe2305f94f947d8cc2275c3506fe74c2f11f5

    • Size

      12.0MB

    • MD5

      8c32e44ea7eadbeca921d8e292171556

    • SHA1

      7bbd86dd91e2a43ae6d7a132ac1918875146a40c

    • SHA256

      f471cbd53a52d27053c33c4fd18fe2305f94f947d8cc2275c3506fe74c2f11f5

    • SHA512

      5ab2311c7eb9b2b73450cd3a16d16261990c9c14723fc990daf548a45b3c135761613b4b9f612c93083d8f7fcecc46ba8665e197eaebdc914426d38d074ba0f2

    Score
    10/10
    backdoorbazarbackdoor

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

      backdoorbazarbackdoor

    • Blacklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks