bazarbackdoor | f964cb1615386f5fcf67fe30dfd43c403a0614e21108522b99c7c0abda4270e5 | Triage

Submit
Reports

Overview

overview

Static

static

8

decree_010...21.doc

windows7_x64

decree_010...21.doc

windows10_x64

Sharing

General

Target

decree_010.04.2021.doc
Size

76KB
Sample

211005-p6sh3ahge2
MD5

dc7c830fca5fa6c17aa39736748ae71e
SHA1

b44ee6ebeafa18f7bd08ffaea7f048d9d7f10b6d
SHA256

f964cb1615386f5fcf67fe30dfd43c403a0614e21108522b99c7c0abda4270e5
SHA512

fb523982adc540b6d27c47a0e8f026f1a30b79cbe116f1b492c2cfd5ae5151554d9fddefb1b2529a52fc16f616361c5494183f5def182a7b9628461599b217b9

Score

10^/10

bazarbackdoor bazarloader backdoor dropper loader macro macro_on_action

Static task

static1

macro macro_on_action

Behavioral task

behavioral1

Sample

decree_010.04.2021.doc

Resource

win7v20210408

bazarbackdoor bazarloader backdoor dropper loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

decree_010.04.2021.doc

Resource

win10-en-20210920

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  decree_010.04.2021.doc
- Size
  
  76KB
- MD5
  
  dc7c830fca5fa6c17aa39736748ae71e
- SHA1
  
  b44ee6ebeafa18f7bd08ffaea7f048d9d7f10b6d
- SHA256
  
  f964cb1615386f5fcf67fe30dfd43c403a0614e21108522b99c7c0abda4270e5
- SHA512
  
  fb523982adc540b6d27c47a0e8f026f1a30b79cbe116f1b492c2cfd5ae5151554d9fddefb1b2529a52fc16f616361c5494183f5def182a7b9628461599b217b9
Score

10^/10

bazarbackdoor bazarloader backdoor dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
  backdoor bazarbackdoor
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Bazar/Team9 Backdoor payload
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

bazarbackdoorbazarloaderbackdoordropperloader

behavioral2

© 2018-2024

Terms | Privacy