ee1db7f0ad39df1af6eb5166447b1471.exe

General

Target: ee1db7f0ad39df1af6eb5166447b1471.exe
Size: 386KB
Sample: 210427-4qrnfw951s
Score: 10/10
MD5: ee1db7f0ad39df1af6eb5166447b1471
SHA1: 9111bc344d733b1aba0aef2e81b5e9fbc9d01e8f
SHA256: 842e396f05d590ec88da30e6180dfb29a7aec16e3ef5b49398fde8b79e4090bd
SHA512: 26366e9fbc998105a4ee00ab91abb4110fc8849a513a29821e3611a3762cfb083722bc83836704de87531e9164d648e16b6a381daa3f046ead17ac4422fab0e0

Signatures

  • Bazar Loader
    Description: Detected loader normally used to deploy BazarBackdoor malware.

  • BazarBackdoor
    Description: Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

  • Bazar/Team9 Backdoor payload

  • Bazar/Team9 Loader payload

  • Blocklisted process makes network request

  • Suspicious use of SetThreadContext
