General

  • Target

    jre-8u331-windows-x64.exe

  • Size

    82.9MB

  • Sample

    220422-xk7d4abdgn

  • MD5

    6e2c973cf5a1ab5290e7923da6a0a652

  • SHA1

    ef6360a19084e15a55f080ca1a0e9cc2e0231308

  • SHA256

    20a3990bf57c65dfada53558ea94b54db8c7ae5aefa86c612ffbe475c6215b98

  • SHA512

    614d6108712d301222949f531679d915e9158cce7b05c66b8f10392b0743c2cd24c8d71b2c1dd3c52ce95f733d30f7d77511d9b333d6135c3a8931767501ca76

Malware Config

Targets

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

    • Bazar/Team9 Backdoor payload

    • Blocklisted process makes network request

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v6

Discovery

    • Query Registry (T1012): 2

    • Peripheral Device Discovery (T1120): 1

    • System Information Discovery (T1082): 2

Tasks