General
Target: update.exe
Size: 6.1MB
Sample: 220909-tz7fvsgfb2
MD5: 27e4dfcae59564bd73bdf7bc2f10e51e
SHA1: 48aedbe1072bfc093d814c589e21c8696cf58a85
SHA256: 43216e30e4f15418a8a9b037206a81a771944bcc93ca547fc7a52185dd121960
SHA512: 24ac1071354637e8de0728cc1edd1927d69a19e10d3858289a063a2df73615b04d9a2214a7d5b8dd13f927cd3968c74101e08b1c9493eb71fddd8fc1a8e02ad9
SSDEEP: 98304:7cFnqlhTluN5kpbPY2/7/5XrpXPAhhaPNN06wMQHHu9bEfhV393A5JicN9cNRf:IfNsTYW7RbqhEFqJHO65l93A3iUk5

Behavioral task: behavioral1
Sample: update.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: update.exe
Resource: win10v2004-20220812-en
Malware Config

Targets
Target: update.exe
Size: 6.1MB
Score: 10/10

- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
- Bazar/Team9 Backdoor payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Nirsoft
- Executes dropped EXE
- Stops running service(s)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger