bazarbackdoor | 57b1478167911e633c9480852e6e8e87691c9f8a31201fbd25a70ab42c07808c | Triage

Sharing

General

Target

home.exe
Size

675KB
Sample

201103-wbjkja5mqn
MD5

7f82baf6acac3e3082e2c22c657e8c0c
SHA1

0b950d2be03ca5ab99c81cc629c434e980cd167a
SHA256

57b1478167911e633c9480852e6e8e87691c9f8a31201fbd25a70ab42c07808c
SHA512

83e1b81eed8656a56c8ff7b9f6e32c03a45e9518b9144d1fe7eda57ecc9898d3dcfeb703d195a4d9e3578ace25085764cf3ce9da68915273fcea0181866e9e61

Score

10^/10

bazarbackdoor backdoor

Malware Config

Targets

- Target
  
  home.exe
- Size
  
  675KB
- MD5
  
  7f82baf6acac3e3082e2c22c657e8c0c
- SHA1
  
  0b950d2be03ca5ab99c81cc629c434e980cd167a
- SHA256
  
  57b1478167911e633c9480852e6e8e87691c9f8a31201fbd25a70ab42c07808c
- SHA512
  
  83e1b81eed8656a56c8ff7b9f6e32c03a45e9518b9144d1fe7eda57ecc9898d3dcfeb703d195a4d9e3578ace25085764cf3ce9da68915273fcea0181866e9e61
Score

10^/10

bazarbackdoor backdoor
- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
  backdoor bazarbackdoor
- Blacklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bazarbackdoorbackdoor

behavioral2

bazarbackdoorbackdoor