bazarbackdoor | 2049636dacf350e2d08a2c977750ccbf4b8cc13732aac3863be940facd7a5989 | Triage

Submit
Reports

Overview

overview

Static

static

ZlvFNj.dat.dll

windows7_x64

ZlvFNj.dat.dll

windows10_x64

Sharing

General

Target

ZlvFNj.dat
Size

1.0MB
Sample

210722-ddb7rhhaax
MD5

6aec6aee754419c449358e21fc5cadea
SHA1

76bf3a742f006eacbf948423b5154b9344b839da
SHA256

2049636dacf350e2d08a2c977750ccbf4b8cc13732aac3863be940facd7a5989
SHA512

98c9db31be8c1ca2ac08d4228d844a21af03a9f267b4dbc2b6ff2a2d140939fb2cbf93b20202c84a9b9c3cad57896da58f533e454e6aecc2a1b187c2fc26adee

Score

10^/10

bazarbackdoor bazarloader backdoor dropper loader

Static task

static1

Behavioral task

behavioral1

Sample

ZlvFNj.dat.dll

Resource

win7v20210408

bazarbackdoor bazarloader backdoor dropper loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ZlvFNj.dat.dll

Resource

win10v20210410

bazarbackdoor bazarloader backdoor dropper loader

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  ZlvFNj.dat
- Size
  
  1.0MB
- MD5
  
  6aec6aee754419c449358e21fc5cadea
- SHA1
  
  76bf3a742f006eacbf948423b5154b9344b839da
- SHA256
  
  2049636dacf350e2d08a2c977750ccbf4b8cc13732aac3863be940facd7a5989
- SHA512
  
  98c9db31be8c1ca2ac08d4228d844a21af03a9f267b4dbc2b6ff2a2d140939fb2cbf93b20202c84a9b9c3cad57896da58f533e454e6aecc2a1b187c2fc26adee
Score

10^/10

bazarbackdoor bazarloader backdoor dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
  backdoor bazarbackdoor
- Bazar/Team9 Backdoor payload
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Remote System Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bazarbackdoorbazarloaderbackdoordropperloader

behavioral2

bazarbackdoorbazarloaderbackdoordropperloader

© 2018-2024

Terms | Privacy