Overview

overview

10

Static

static

be022464fe...29.exe

windows7_x64

10

be022464fe...29.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    be022464fe5b3a190e5554d7cf974faa2622c0b13ed6551b9c9e83a28c6b8129

  • Size

    1.7MB

  • Sample

    220704-d9lzxaedbr

  • MD5

    1bf3dfb666cc4335c040b425e6c3d01a

  • SHA1

    a92cc67625b720d5ded99817d32d6e775a5480e2

  • SHA256

    be022464fe5b3a190e5554d7cf974faa2622c0b13ed6551b9c9e83a28c6b8129

  • SHA512

    1064a3bcad22b3e9fd281d8fec02f08c72f8564510657caeba50c06173c4ecc73f712f5b2be47aa2e8ba7109b59be249038399313fbc99b31ea9829980f5100e

Score
10/10
bazarbackdoorbackdoor

Malware Config

Targets

    • Target

      be022464fe5b3a190e5554d7cf974faa2622c0b13ed6551b9c9e83a28c6b8129

    • Size

      1.7MB

    • MD5

      1bf3dfb666cc4335c040b425e6c3d01a

    • SHA1

      a92cc67625b720d5ded99817d32d6e775a5480e2

    • SHA256

      be022464fe5b3a190e5554d7cf974faa2622c0b13ed6551b9c9e83a28c6b8129

    • SHA512

      1064a3bcad22b3e9fd281d8fec02f08c72f8564510657caeba50c06173c4ecc73f712f5b2be47aa2e8ba7109b59be249038399313fbc99b31ea9829980f5100e

    Score
    10/10
    bazarbackdoorbackdoor

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

      backdoorbazarbackdoor

    • Bazar/Team9 Backdoor payload

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks