bazarbackdoor | e71c9509232afb3542f9a37ea46e0e79492ae6a42a60c5f0b538cc291355dcbb | Triage

Sharing

General

Target

e71c9509232afb3542f9a37ea46e0e79492ae6a42a60c5f0b538cc291355dcbb
Size

5.0MB
Sample

220329-zp6z8sfcep
MD5

c7de83f4bddbebda0c606f5b60f33156
SHA1

53e7c525387b41c75777b1f2a49cb7af7cf82b2c
SHA256

e71c9509232afb3542f9a37ea46e0e79492ae6a42a60c5f0b538cc291355dcbb
SHA512

6f89daa4ec36b9128021b5bb00d503af46d7cc5f68f95d35f46ecb6e200d0d0efa09672c7196e20da05edd06c2f2f81c485af23723263573fe0add09824b9194

Score

10^/10

bazarbackdoor pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  e71c9509232afb3542f9a37ea46e0e79492ae6a42a60c5f0b538cc291355dcbb
- Size
  
  5.0MB
- MD5
  
  c7de83f4bddbebda0c606f5b60f33156
- SHA1
  
  53e7c525387b41c75777b1f2a49cb7af7cf82b2c
- SHA256
  
  e71c9509232afb3542f9a37ea46e0e79492ae6a42a60c5f0b538cc291355dcbb
- SHA512
  
  6f89daa4ec36b9128021b5bb00d503af46d7cc5f68f95d35f46ecb6e200d0d0efa09672c7196e20da05edd06c2f2f81c485af23723263573fe0add09824b9194
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallerbazarbackdoor

behavioral1

behavioral2