bazarbackdoor | c0308e66398561f2918c1cbf67e596d4d5de3de7cbf91b49b98afaed7efb30fb | Triage

Submit
Reports

Overview

overview

Static

static

c0308e6639...fb.exe

windows10_x64

Sharing

General

Target

c0308e66398561f2918c1cbf67e596d4d5de3de7cbf91b49b98afaed7efb30fb.exe
Size

7.6MB
Sample

211022-kmsmhabdc3
MD5

e01f059a7ae83e71425a2a8f5b8345c2
SHA1

9864dbf3fd520a290abe5ba1c82f4afc1b521779
SHA256

c0308e66398561f2918c1cbf67e596d4d5de3de7cbf91b49b98afaed7efb30fb
SHA512

6df43ea3f91eb82aaed19364c74dc3c9ddd3d112a1fa846369e78136494b588107fcc3a14e9f28c25bafa1a8c35f273c293bd1c58b9d8c7454e08a9e3187197e

Score

10^/10

bazarbackdoor persistence pyinstaller

Static task

static1

pyinstaller bazarbackdoor

Behavioral task

behavioral1

Sample

c0308e66398561f2918c1cbf67e596d4d5de3de7cbf91b49b98afaed7efb30fb.exe

Resource

win10-ja-20211014

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  c0308e66398561f2918c1cbf67e596d4d5de3de7cbf91b49b98afaed7efb30fb.exe
- Size
  
  7.6MB
- MD5
  
  e01f059a7ae83e71425a2a8f5b8345c2
- SHA1
  
  9864dbf3fd520a290abe5ba1c82f4afc1b521779
- SHA256
  
  c0308e66398561f2918c1cbf67e596d4d5de3de7cbf91b49b98afaed7efb30fb
- SHA512
  
  6df43ea3f91eb82aaed19364c74dc3c9ddd3d112a1fa846369e78136494b588107fcc3a14e9f28c25bafa1a8c35f273c293bd1c58b9d8c7454e08a9e3187197e
Score

10^/10

persistence
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

pyinstallerbazarbackdoor

behavioral1

© 2018-2024

Terms | Privacy