bazarbackdoor | 135add1f92fee88d8548bfdf8872bee1d7a0c2b878874eca684b684f99c13a1f | Triage

Submit
Reports

Overview

overview

Static

static

8

0d8679cdd5...58.doc

windows7_x64

0d8679cdd5...58.doc

windows10_x64

Sharing

General

Target

5390999528570880.zip
Size

71KB
Sample

210929-2rh3asfhe4
MD5

f279cb6e227fb8b1341e5dbe40879044
SHA1

61613b7b6b3a7ffef1311387b0f36a5ede68b3da
SHA256

135add1f92fee88d8548bfdf8872bee1d7a0c2b878874eca684b684f99c13a1f
SHA512

41d42858fb0b4455e0dc4b16cc8e5337f663c428ed36a9ad2317095c939596b935dbe343e25f6d5fac8350f5bc28fa73a9a79ac9319f0bb2673bb04f3d538b4c

Score

10^/10

bazarbackdoor bazarloader backdoor dropper loader macro

Static task

static1

Behavioral task

behavioral1

Sample

0d8679cdd59a906f58a4e4ec7ef8d673b7360cd9e12d284281a239876fe17c58.doc

Resource

win7-en-20210920

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0d8679cdd59a906f58a4e4ec7ef8d673b7360cd9e12d284281a239876fe17c58.doc

Resource

win10v20210408

bazarbackdoor bazarloader backdoor dropper loader

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  0d8679cdd59a906f58a4e4ec7ef8d673b7360cd9e12d284281a239876fe17c58
- Size
  
  132KB
- MD5
  
  3229684f95e4e8719676d69a35e17ea8
- SHA1
  
  0e94cd2c8cbccd585f167d2381c215cd65c129c1
- SHA256
  
  0d8679cdd59a906f58a4e4ec7ef8d673b7360cd9e12d284281a239876fe17c58
- SHA512
  
  cf667c33f8fcee9aa93a410634c51730c1db6f917acb452ec5b2e4670cbfdf1a9b8b9aaaf5e0d75763091d7c00f74ca93575a9bc56eeb698de062c14459dfc41
Score

10^/10

bazarbackdoor bazarloader backdoor dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
  backdoor bazarbackdoor
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Bazar/Team9 Backdoor payload
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bazarbackdoorbazarloaderbackdoordropperloader

© 2018-2024

Terms | Privacy