bazarbackdoor | e92326c48a471a0b60bdb277f993d6ed4be401aa4a1d73617e1e2a2e18d26d1a | Triage

Sharing

General

Target

e92326c48a471a0b60bdb277f993d6ed4be401aa4a1d73617e1e2a2e18d26d1a
Size

5.0MB
Sample

220417-kxlxpsgad8
MD5

c7d00e4d6319da479042c9f645a0377e
SHA1

cf9d94078ed2223116321d1641a9484160d616e8
SHA256

e92326c48a471a0b60bdb277f993d6ed4be401aa4a1d73617e1e2a2e18d26d1a
SHA512

a0b4dd89c1fdee826f997dab330ff3046c2c87a4924d64162358867b85ff9fb5018c602b0ed65db7ff4045e57d36fa732fa9665226216feebe7f6ca6c49d014b

Score

10^/10

bazarbackdoor pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  e92326c48a471a0b60bdb277f993d6ed4be401aa4a1d73617e1e2a2e18d26d1a
- Size
  
  5.0MB
- MD5
  
  c7d00e4d6319da479042c9f645a0377e
- SHA1
  
  cf9d94078ed2223116321d1641a9484160d616e8
- SHA256
  
  e92326c48a471a0b60bdb277f993d6ed4be401aa4a1d73617e1e2a2e18d26d1a
- SHA512
  
  a0b4dd89c1fdee826f997dab330ff3046c2c87a4924d64162358867b85ff9fb5018c602b0ed65db7ff4045e57d36fa732fa9665226216feebe7f6ca6c49d014b
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallerbazarbackdoor

behavioral1

behavioral2