Overview

overview

10

Static

static

0a7b2e1771...91.exe

windows7-x64

10

0a7b2e1771...91.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0a7b2e177130f79f28afe0c2f40eba8d7407ee346b4bf710aab1c461055be091

  • Size

    42.1MB

  • Sample

    221004-f2ab9adgbm

  • MD5

    8f8d83f16ce564d36e2a69a1f4e03c31

  • SHA1

    c7238a500acb380f85f8d5c8bb8d5f396738dc27

  • SHA256

    0a7b2e177130f79f28afe0c2f40eba8d7407ee346b4bf710aab1c461055be091

  • SHA512

    6dee695d0671074b82cbf6131a91fa7521d24cff2f38ed6763aa57fe097a8e1809ac69b70c799956bd251a7e047672cef5d60e0805775c0473dc06eafde55e06

  • SSDEEP

    786432:ZqHp5/WbZIgG6EBkvhUyR3zJ2zhEUcMjWP2lAKO7eqpsI49Ug6S6Y5l6vTsylLQL:ZSWzmB8GyRDIiULWVS+49+WAlLQgE

Score
10/10
bazarbackdoorbackdoorbootkitpersistence

Malware Config

Targets

    • Target

      0a7b2e177130f79f28afe0c2f40eba8d7407ee346b4bf710aab1c461055be091

    • Size

      42.1MB

    • MD5

      8f8d83f16ce564d36e2a69a1f4e03c31

    • SHA1

      c7238a500acb380f85f8d5c8bb8d5f396738dc27

    • SHA256

      0a7b2e177130f79f28afe0c2f40eba8d7407ee346b4bf710aab1c461055be091

    • SHA512

      6dee695d0671074b82cbf6131a91fa7521d24cff2f38ed6763aa57fe097a8e1809ac69b70c799956bd251a7e047672cef5d60e0805775c0473dc06eafde55e06

    • SSDEEP

      786432:ZqHp5/WbZIgG6EBkvhUyR3zJ2zhEUcMjWP2lAKO7eqpsI49Ug6S6Y5l6vTsylLQL:ZSWzmB8GyRDIiULWVS+49+WAlLQgE

    Score
    10/10
    bazarbackdoorbackdoorbootkitpersistence

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

      backdoorbazarbackdoor

    • Bazar/Team9 Backdoor payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks