rt3ret3.exe

General
Target

rt3ret3.exe

Size

236KB

Sample

210401-s8k19w3r2a

Score
10 /10
MD5

efa4b2e7d7016a1f80efff5840de3a18

SHA1

04606786daa6313867c7ada1f0c9c925d9b602fb

SHA256

291c573996c647508544e8e21bd2764e6e4c834d53d6d2c8903a0001c783764b

SHA512

11446166922efb329d547ce329fb3ed70a3a99c1c037533beaecefd16d4a67c9dc9201592b0428a06fd956e4bb5caf3f7997a86200792e3e29a041f0963b2ced

Targets
Target

rt3ret3.exe

Signatures

  • Bazar Loader

    Description

    Detected loader normally used to deploy BazarBackdoor malware.

  • Bazar/Team9 Loader payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    TTPs

    Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (T1547.001)
    Modify Registry (T1112)
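The "Adds Run key to start application" signature above fires when the sample writes an autostart value under a Run/RunOnce key. The following is an added example of the detection logic behind such a signature, written for this page and not part of the sandbox report: it takes registry value-set events in a simplified shape (key path, value name, data, writing process), such as one would extract from Sysmon Event ID 13, flags every write under a Run-style key, and notes when the persisted file sits in a user-writable location or is loaded indirectly through rundll32/regsvr32. The events, paths and value names in SAMPLE_EVENTS are constructed for illustration and are not artifacts from this sample.

```python
"""Flag registry value-set events that establish Run-key persistence.

Added example for the report page, not sandbox code. Assumes events of the
shape RegSetEvent below (e.g. parsed from Sysmon Event ID 13); all sample
data is constructed.
"""
import re
from dataclasses import dataclass

# Autostart keys covered by the signature (ATT&CK T1547.001). Matched against
# the tail of the key path so HKLM, HKCU and HKU\<SID> hives are all covered.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\"
    r"(?:Run|RunOnce|RunServices|RunServicesOnce)$",
    re.IGNORECASE,
)

# Locations a dropped EXE/DLL is typically written to before being persisted.
USER_WRITABLE_RE = re.compile(
    r"(?:\\Users\\[^\\]+\\AppData\\|\\Users\\[^\\]+\\Downloads\\|\\Temp\\|\\ProgramData\\)",
    re.IGNORECASE,
)

# System binaries commonly (ab)used to load a DLL from a Run value.
HOST_BINARIES = ("rundll32.exe", "regsvr32.exe")


@dataclass(frozen=True)
class RegSetEvent:
    key: str         # full registry key path
    value_name: str  # name of the value written
    data: str        # REG_SZ / REG_EXPAND_SZ command line
    image: str       # process that performed the write


def split_command(data: str) -> tuple[str, str]:
    """Split a command line into (first token, remainder), honouring quotes."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        if end < 0:
            return data[1:], ""
        return data[1:end], data[end + 1:].strip()
    parts = data.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def persisted_artifact(data: str) -> str:
    """Return the file a Run value actually starts.

    For rundll32.exe/regsvr32.exe the payload is the first non-switch argument
    (rundll32.exe C:\\path\\x.dll,Entry), so the ",Entry" suffix is stripped
    and the DLL path is returned instead of the host binary.
    """
    exe, args = split_command(data)
    if exe.lower().rsplit("\\", 1)[-1] in HOST_BINARIES:
        rest = args
        while rest:
            tok, rest = split_command(rest)
            if not tok.startswith("/"):
                return tok.split(",", 1)[0]
    return exe


def is_run_key(key: str) -> bool:
    """True if the key is one of the Run-style autostart keys."""
    return RUN_KEY_RE.search(key) is not None


def flag_run_key_persistence(events) -> list[tuple[RegSetEvent, str]]:
    """Return (event, reason) pairs for every write under a Run-style key.

    The reason string records the key and value written plus any aggravating
    factor: a persisted file in a user-writable path, or indirect loading
    through a host binary.
    """
    hits = []
    for ev in events:
        if not is_run_key(ev.key):
            continue
        artifact = persisted_artifact(ev.data)
        launcher = split_command(ev.data)[0]
        reasons = ["run-key write: %s\\%s" % (ev.key.rsplit("\\", 1)[-1], ev.value_name)]
        if USER_WRITABLE_RE.search(artifact):
            reasons.append("target in user-writable path: " + artifact)
        if artifact.lower() != launcher.lower():
            reasons.append("loaded via host binary: " + launcher)
        hits.append((ev, "; ".join(reasons)))
    return hits


# Constructed sample events (not from this sample's sandbox run).
SAMPLE_EVENTS = [
    RegSetEvent(  # dropped EXE persisting itself from %APPDATA%
        key=r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run",
        value_name="Updater",
        data=r'"C:\Users\alice\AppData\Roaming\Updater\updater.exe" /background',
        image=r"C:\Users\alice\AppData\Local\Temp\dropper.exe",
    ),
    RegSetEvent(  # dropped DLL persisted through rundll32
        key=r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
        value_name="Setup",
        data=r"rundll32.exe C:\ProgramData\setup\core.dll,Start",
        image=r"C:\Users\alice\AppData\Local\Temp\dropper.exe",
    ),
    RegSetEvent(  # legitimate-looking system entry, still reported, no aggravators
        key=r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
        value_name="SecurityHealth",
        data=r"%windir%\system32\SecurityHealthSystray.exe",
        image=r"C:\Windows\System32\msiexec.exe",
    ),
    RegSetEvent(  # unrelated registry write, must be ignored
        key=r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Explorer",
        value_name="ShellState",
        data="0",
        image=r"C:\Windows\explorer.exe",
    ),
]

if __name__ == "__main__":
    for ev, reason in flag_run_key_persistence(SAMPLE_EVENTS):
        print(ev.image, "->", reason)
```

Every Run-key write is reported rather than only the suspicious ones, because legitimate installers also use these keys; the aggravating factors are what an analyst uses to rank the hits, and a writing process that is itself in a temp or AppData path (as in the first two constructed events) is the same kind of evidence that produces the "Executes dropped EXE" and "Loads dropped DLL" signatures.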

MITRE ATT&CK Matrix

(Rendered column headers only: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation. The techniques mapped for this sample are those listed under TTPs above.)

Tasks

static1