bazarbackdoor | f003e8b9aaf7890828c537402950f4e6f72196fe69624cb3ec76a05ae917db42 | Triage

Submit
Reports

Overview

overview

Static

static

Stolen Ima...nce.js

windows7_x64

Stolen Ima...nce.js

windows10_x64

Sharing

General

Target

Stolen Images Evidence.zip
Size

5KB
Sample

211007-wdb4yadacl
MD5

7630e39437bc9c3f00b7a6dbd0ba6ad8
SHA1

4c00adeaf01998bb927b7a6447f7fee443a3da25
SHA256

f003e8b9aaf7890828c537402950f4e6f72196fe69624cb3ec76a05ae917db42
SHA512

1069108af3db3ac200c4819eb6a2403fba33b57621f4d80ddd95ffce195a98bed434c7913f974e31253a2f095e3b82ac8329fde5b53135a7cedd1246cd6a8d0b

Score

10^/10

bazarbackdoor bazarloader backdoor dropper loader

Static task

static1

Behavioral task

behavioral1

Sample

Stolen Images Evidence.js

Resource

win7-en-20210920

bazarbackdoor bazarloader backdoor dropper loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Stolen Images Evidence.js

Resource

win10v20210408

bazarbackdoor bazarloader backdoor dropper loader

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://mopuketo.space/222g100/index.php

Targets

- Target
  
  Stolen Images Evidence.js
- Size
  
  18KB
- MD5
  
  90efa8d6677a45ea3397ab8c2bb5bfcd
- SHA1
  
  451c972435ed6e4a3abe1d390ff52691d84d20fa
- SHA256
  
  7e014f3533333cbbae1dcd3505a25990d07e7f4a3684fb8b35f744d02215b20a
- SHA512
  
  809b4dcb00b016b537279fadec1ace549b6848dcb37a20d0548b7036a2e103e5b4eb7b0f45749fd50a3bae17310ca797362181150fed5be2169f2cb6ac6f9c9a
Score

10^/10

bazarbackdoor bazarloader backdoor dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
  backdoor bazarbackdoor
- Bazar/Team9 Backdoor payload
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bazarbackdoorbazarloaderbackdoordropperloader

behavioral2

bazarbackdoorbazarloaderbackdoordropperloader

© 2018-2024

Terms | Privacy