General

  • Target: 38.exe
  • Size: 724KB
  • Sample: 201102-wlq8p9ypye
  • MD5: 67295decb6b52cd6e304e29d7009aa6e
  • SHA1: f0d525f021516659a4bf4c78122e5ba4189844f5
  • SHA256: 5e01783bf469b84035524d05fa1cc5ae4128a4c84f2062b8d50f85a56f1f1ec0
  • SHA512: 0e8bdae16494de1c58942c49a2d82cf7c25a167ac73a5c7df8ba59d03e0dde109c9fd8b6dcd2e909001b1e8b49cc2cebf5efae53976c3f13ce38061aca0559ac

Score: 10/10

Malware Config

Targets

    • BazarBackdoor: Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
    • Blacklisted process makes network request
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Install Root Certificate (T1130): 1
  • Modify Registry (T1112): 1

Tasks