General
-
Target
emissorNFe-4_0_1-homologacao.jnlp
-
Size
5KB
-
Sample
220223-nw88dshhe4
-
MD5
2ebf995cb469c94a513859241e1da199
-
SHA1
9481f062253280e47bbcb7cdabba1d134a97d3f2
-
SHA256
ae2667448077b7b49183d1340ca301fba6b7b606829a34ab4b1401a01db9439b
-
SHA512
80be73ca92c54dfe090e111b9be3f86480a0265463b8ccb982b4d3805ba26d4b3fe69f2488487f94b5c470a15338dfb8de0aeecef3b282e4b6808938798e4791
Malware Config
Extracted
http:/emissores.sebrae.com.br/nfe/v401/homologacao/emissorNFe-4_0_1-homologacao.jnlp
Targets
-
-
Target
emissorNFe-4_0_1-homologacao.jnlp
-
Size
5KB
-
MD5
2ebf995cb469c94a513859241e1da199
-
SHA1
9481f062253280e47bbcb7cdabba1d134a97d3f2
-
SHA256
ae2667448077b7b49183d1340ca301fba6b7b606829a34ab4b1401a01db9439b
-
SHA512
80be73ca92c54dfe090e111b9be3f86480a0265463b8ccb982b4d3805ba26d4b3fe69f2488487f94b5c470a15338dfb8de0aeecef3b282e4b6808938798e4791
Score10/10-
BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
-
Bazar/Team9 Backdoor payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-