bazarbackdoor | 365c4a15a704d7a6244a34ef94bc2aa845ae8435ab4ff4bdac7da55e76f75cf6 | Triage

Submit
Reports

Overview

overview

Static

static

8

require 01...21.doc

windows7_x64

require 01...21.doc

windows10_x64

Sharing

General

Target

require 010.04.2021.doc
Size

75KB
Sample

211005-p6y1vahge3
MD5

6969e17d53d20ffd5dfd76d4955e5cc9
SHA1

da3b0bd9b89c264d0b6520658a1b0e9b851bd2d9
SHA256

365c4a15a704d7a6244a34ef94bc2aa845ae8435ab4ff4bdac7da55e76f75cf6
SHA512

8acb4fbce39b9c9b35e41d2efb4ff05641d9f14b3ec2a90163bbe3a7c33eca8fa7574b53aede7c55e19dd75ab623469b116157afc79ef80d6c1bf8892a212448

Score

10^/10

bazarbackdoor bazarloader backdoor dropper loader macro macro_on_action xlm

Static task

static1

macro xlm macro_on_action

Behavioral task

behavioral1

Sample

require 010.04.2021.doc

Resource

win7v20210408

bazarbackdoor bazarloader backdoor dropper loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

require 010.04.2021.doc

Resource

win10-en-20210920

bazarbackdoor bazarloader backdoor dropper loader

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  require 010.04.2021.doc
- Size
  
  75KB
- MD5
  
  6969e17d53d20ffd5dfd76d4955e5cc9
- SHA1
  
  da3b0bd9b89c264d0b6520658a1b0e9b851bd2d9
- SHA256
  
  365c4a15a704d7a6244a34ef94bc2aa845ae8435ab4ff4bdac7da55e76f75cf6
- SHA512
  
  8acb4fbce39b9c9b35e41d2efb4ff05641d9f14b3ec2a90163bbe3a7c33eca8fa7574b53aede7c55e19dd75ab623469b116157afc79ef80d6c1bf8892a212448
Score

10^/10

bazarbackdoor bazarloader backdoor dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
  backdoor bazarbackdoor
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Bazar/Team9 Backdoor payload
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macroxlmmacro_on_action

behavioral1

bazarbackdoorbazarloaderbackdoordropperloader

behavioral2

bazarbackdoorbazarloaderbackdoordropperloader

© 2018-2024

Terms | Privacy