bazarbackdoor | a215a2e74717ea061874bc649a4bfc4e2b7ed744fb0c4334b327e7d32378edb5 | Triage

Sharing

General

Target

a215a2e74717ea061874bc649a4bfc4e2b7ed744fb0c4334b327e7d32378edb5
Size

553KB
Sample

201029-ccklhm35fe
MD5

49578456a3e8a11b564cc8c9ba5a2bb6
SHA1

e1b2663f7e8971a42bea1b5ff3d9d96079bd0a6d
SHA256

a215a2e74717ea061874bc649a4bfc4e2b7ed744fb0c4334b327e7d32378edb5
SHA512

f2895d86721ff49cb7e903b9bfa699a2e8fb2af7ff7dd7c1f0d22df051074492da28688468c85efc3e136dce6fc21fbc735b8d0a0b2b32dfd9abc7da96d586b2

Score

10^/10

bazarbackdoor backdoor

Malware Config

Targets

- Target
  
  a215a2e74717ea061874bc649a4bfc4e2b7ed744fb0c4334b327e7d32378edb5
- Size
  
  553KB
- MD5
  
  49578456a3e8a11b564cc8c9ba5a2bb6
- SHA1
  
  e1b2663f7e8971a42bea1b5ff3d9d96079bd0a6d
- SHA256
  
  a215a2e74717ea061874bc649a4bfc4e2b7ed744fb0c4334b327e7d32378edb5
- SHA512
  
  f2895d86721ff49cb7e903b9bfa699a2e8fb2af7ff7dd7c1f0d22df051074492da28688468c85efc3e136dce6fc21fbc735b8d0a0b2b32dfd9abc7da96d586b2
Score

10^/10

bazarbackdoor backdoor
- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
  backdoor bazarbackdoor
- Blacklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bazarbackdoorbackdoor

behavioral2