Overview

overview

10

Static

static

6

Internet-Win7-30min

windows7_x64

10

NoInternet-Win7-10min

windows7_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Report-Review26-10.exe

  • Size

    8.8MB

  • Sample

    201026-8z1k3xwg2x

  • MD5

    8e4cb14f773ceadd0f38a37b195b7d9e

  • SHA1

    bde35c7501ba8fc2b69df5436531078ab84e99f4

  • SHA256

    766984606692fbfdd4d5b7784691ee65872a7c30c6a295936c6048d8ffba0b14

  • SHA512

    e91189785b0bb0e6fb82ec7f61b4806212057b6cdc32a3a103c6ca2cccd7e196b6f43754c874bb6df2fa2b95e31ab96acaf6271c6f4102fe5ff50511df087dfb

Score
10/10
bazarbackdoorbackdoor

Malware Config

Targets

    • Target

      Report-Review26-10.exe

    • Size

      8.8MB

    • MD5

      8e4cb14f773ceadd0f38a37b195b7d9e

    • SHA1

      bde35c7501ba8fc2b69df5436531078ab84e99f4

    • SHA256

      766984606692fbfdd4d5b7784691ee65872a7c30c6a295936c6048d8ffba0b14

    • SHA512

      e91189785b0bb0e6fb82ec7f61b4806212057b6cdc32a3a103c6ca2cccd7e196b6f43754c874bb6df2fa2b95e31ab96acaf6271c6f4102fe5ff50511df087dfb

    Score
    10/10
    backdoorbazarbackdoor

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

      backdoorbazarbackdoor

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blacklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks