Overview

overview

10

Static

static

t64.exe

windows7_x64

10

t64.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    t64.exe

  • Size

    724KB

  • Sample

    201102-pm9hgf2yxa

  • MD5

    6d9047478abba33d7fbb15d602859103

  • SHA1

    0f97c7af1e4185d2dfa1a9af5ae4c9ad3bfc897a

  • SHA256

    6141566287a4de53c826f96492ddf53acd36ff44f90f380011b8ed5f672fef6b

  • SHA512

    4ba43b8480acff2709045baa9cc58c5f1123af98b98e391a43e0cd506163765ab25cbebe070ad3aaeee4642be1d1f3881625c0ce8e1440dc99502ce79d2c0ee7

Score
10/10
bazarbackdoorbackdoor

Malware Config

Targets

    • Target

      t64.exe

    • Size

      724KB

    • MD5

      6d9047478abba33d7fbb15d602859103

    • SHA1

      0f97c7af1e4185d2dfa1a9af5ae4c9ad3bfc897a

    • SHA256

      6141566287a4de53c826f96492ddf53acd36ff44f90f380011b8ed5f672fef6b

    • SHA512

      4ba43b8480acff2709045baa9cc58c5f1123af98b98e391a43e0cd506163765ab25cbebe070ad3aaeee4642be1d1f3881625c0ce8e1440dc99502ce79d2c0ee7

    Score
    10/10
    bazarbackdoorbackdoor

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

      backdoorbazarbackdoor

    • Blacklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks