bazarbackdoor | fd191c44be496e249149130aca11cfcc5db336f961c0ea406672c2acb59ca6a0 | Triage

Submit
Reports

Overview

overview

Static

static

accessClean.jpg.dll

windows10_x64

Sharing

General

Target

accessClean.jpg.dll
Size

697KB
Sample

211005-zqr8gaacg5
MD5

881b324a90273c109096ad480a147376
SHA1

93e5854614e861693a5d930c132ca4674bf9703d
SHA256

fd191c44be496e249149130aca11cfcc5db336f961c0ea406672c2acb59ca6a0
SHA512

a9658fccd3ad8dd73ed68c208006b4772a2774cd0fa6cf3172f6f2a9d43e23cf9f44b616fc4ef0eff46d1f753c85398747e52954ead82ca81844262708ac5e37

Score

10^/10

bazarbackdoor bazarloader backdoor dropper loader

Static task

static1

Behavioral task

behavioral1

Sample

accessClean.jpg.dll

Resource

win10-en-20210920

bazarbackdoor bazarloader backdoor dropper loader

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  accessClean.jpg.dll
- Size
  
  697KB
- MD5
  
  881b324a90273c109096ad480a147376
- SHA1
  
  93e5854614e861693a5d930c132ca4674bf9703d
- SHA256
  
  fd191c44be496e249149130aca11cfcc5db336f961c0ea406672c2acb59ca6a0
- SHA512
  
  a9658fccd3ad8dd73ed68c208006b4772a2774cd0fa6cf3172f6f2a9d43e23cf9f44b616fc4ef0eff46d1f753c85398747e52954ead82ca81844262708ac5e37
Score

10^/10

bazarbackdoor bazarloader backdoor dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
  backdoor bazarbackdoor
- Bazar/Team9 Backdoor payload
- Bazar/Team9 Loader payload
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bazarbackdoorbazarloaderbackdoordropperloader

© 2018-2024

Terms | Privacy