Overview

overview

10

Static

static

Internet-Win7-30min

windows7_x64

10

NoInternet-Win7-10min

windows7_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Report-doc.11.03.xlsb

  • Size

    26KB

  • Sample

    201103-aqjqez9kze

  • MD5

    9cf051461a704aca7b839964ab2355ab

  • SHA1

    056244cddc082c128df5dda156ac9c1428121e04

  • SHA256

    4fb1df3cc70ff21190e4ce1c6791a0112aba9acd582d1379bc73fcc27e607810

  • SHA512

    ce359920c8fcc6a52683be1b84ef4582900853d4d3b5ca410a929d01f32a47242a1a8a419d435757b45df949fdb2d6392e43aa15eadbb8fa56c82d893bc2e693

Score
10/10
bazarbackdoorbackdoor

Malware Config

Targets

    • Target

      Report-doc.11.03.xlsb

    • Size

      26KB

    • MD5

      9cf051461a704aca7b839964ab2355ab

    • SHA1

      056244cddc082c128df5dda156ac9c1428121e04

    • SHA256

      4fb1df3cc70ff21190e4ce1c6791a0112aba9acd582d1379bc73fcc27e607810

    • SHA512

      ce359920c8fcc6a52683be1b84ef4582900853d4d3b5ca410a929d01f32a47242a1a8a419d435757b45df949fdb2d6392e43aa15eadbb8fa56c82d893bc2e693

    Score
    10/10
    bazarbackdoorbackdoor

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

      backdoorbazarbackdoor

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks