Resubmissions

28-03-2022 12:32

220328-pqyedaeaej 10

18-01-2022 06:25

220118-g64mbsabcm 10

05-05-2021 04:52

210505-vc9dqnmbba 10

General

  • Target

    krerb.exe

  • Size

    199KB

  • Sample

    210505-vc9dqnmbba

  • MD5

    1c74d51a1d7177bf9b23f6a567adc047

  • SHA1

    ecb47205a047b173c4ecaf4f476204ef7154a7ad

  • SHA256

    a8f0170ad5e5cdb0533ea888b0dbc97bc4bd23c9a0531e5e4b7cd1f05fa0875d

  • SHA512

    0f2320ab1c60536cad706564a4ea739f2bac1b7cdd538ac1672542c9c02563292d95c2789845629ce696eca356876859a3efd57b305432d4d833fffd1b4cbef4

Malware Config

Targets

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

    • Bazar/Team9 Backdoor payload

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks