Overview

overview

10

Static

static

Report-Rev...10.exe

windows7_x64

10

Report-Rev...10.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Report-Review22-10.exe

  • Size

    7.7MB

  • Sample

    201022-edxtff72b2

  • MD5

    1c3dde885aa3cc2d7c24b7e13cccc941

  • SHA1

    c7af4759dc14a5a800cd0dbaa3a34c50ac94234a

  • SHA256

    daa3cfcabf9335f1a43c84f744cf809368e89201936e61b53d4430e6423db6e9

  • SHA512

    244ab9145fb0b633888f26c00bdb3bda651d025106db85b5ddac907d539488e0ecabd71c56204d5bae86fc23435d1ac2d38c1cb20b0c310ccd813ec40358ecae

Score
10/10
bazarbackdoorbackdoor

Malware Config

Targets

    • Target

      Report-Review22-10.exe

    • Size

      7.7MB

    • MD5

      1c3dde885aa3cc2d7c24b7e13cccc941

    • SHA1

      c7af4759dc14a5a800cd0dbaa3a34c50ac94234a

    • SHA256

      daa3cfcabf9335f1a43c84f744cf809368e89201936e61b53d4430e6423db6e9

    • SHA512

      244ab9145fb0b633888f26c00bdb3bda651d025106db85b5ddac907d539488e0ecabd71c56204d5bae86fc23435d1ac2d38c1cb20b0c310ccd813ec40358ecae

    Score
    10/10
    backdoorbazarbackdoor

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

      backdoorbazarbackdoor

    • Blacklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks