bazarbackdoor | b8cd9fdd5bdd9821ef060fe771255060309a821ea2b39de723c907512ef9abad | Triage

Sharing

General

Target

Document-Annual.exe
Size

563KB
Sample

201026-jcebgzpswn
MD5

6f7cc36be83724f96cd10e69a7856b41
SHA1

296e9d49e85efa47bc3ed83fee33b193b4a12298
SHA256

b8cd9fdd5bdd9821ef060fe771255060309a821ea2b39de723c907512ef9abad
SHA512

0b90a00ef773abfd8987b6756236192e4db13f6aec540759ceb7b45ed36a2415a4435d5cc7361d1a3bd462d97e6e33774fd5aa788a511cb525cc49820656df7c

Score

10^/10

bazarbackdoor backdoor

Malware Config

Targets

- Target
  
  Document-Annual.exe
- Size
  
  563KB
- MD5
  
  6f7cc36be83724f96cd10e69a7856b41
- SHA1
  
  296e9d49e85efa47bc3ed83fee33b193b4a12298
- SHA256
  
  b8cd9fdd5bdd9821ef060fe771255060309a821ea2b39de723c907512ef9abad
- SHA512
  
  0b90a00ef773abfd8987b6756236192e4db13f6aec540759ceb7b45ed36a2415a4435d5cc7361d1a3bd462d97e6e33774fd5aa788a511cb525cc49820656df7c
Score

10^/10

backdoor bazarbackdoor
- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
  backdoor bazarbackdoor
- Blacklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

backdoorbazarbackdoor

behavioral2

backdoorbazarbackdoor