bazarbackdoor | hxxp://176[.]111[.]174[.]59/uploads/files/teret[.]exe | Triage

Submit
Reports

Overview

overview

Static

static

URLScan

urlscan

http://176.111.174.5...

windows10_x64

Sharing

General

Target

http://176.111.174.59/uploads/files/teret.exe
Sample

210504-wtf6525d6x

Score

10^/10

bazarbackdoor bazarloader backdoor dropper loader

Static task

static1

URLScan task

urlscan1

Sample

http://176.111.174.59/uploads/files/teret.exe

Behavioral task

behavioral1

Sample

http://176.111.174.59/uploads/files/teret.exe

Resource

win10v20210408

bazarbackdoor bazarloader backdoor dropper loader

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  http://176.111.174.59/uploads/files/teret.exe
Score

10^/10

bazarbackdoor bazarloader backdoor dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
  backdoor bazarbackdoor
- Bazar/Team9 Backdoor payload
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

urlscan1

behavioral1

bazarbackdoorbazarloaderbackdoordropperloader

© 2018-2024

Terms | Privacy