General
-
Target
0a7b2e177130f79f28afe0c2f40eba8d7407ee346b4bf710aab1c461055be091
-
Size
42.1MB
-
Sample
221004-f2ab9adgbm
-
MD5
8f8d83f16ce564d36e2a69a1f4e03c31
-
SHA1
c7238a500acb380f85f8d5c8bb8d5f396738dc27
-
SHA256
0a7b2e177130f79f28afe0c2f40eba8d7407ee346b4bf710aab1c461055be091
-
SHA512
6dee695d0671074b82cbf6131a91fa7521d24cff2f38ed6763aa57fe097a8e1809ac69b70c799956bd251a7e047672cef5d60e0805775c0473dc06eafde55e06
-
SSDEEP
786432:ZqHp5/WbZIgG6EBkvhUyR3zJ2zhEUcMjWP2lAKO7eqpsI49Ug6S6Y5l6vTsylLQL:ZSWzmB8GyRDIiULWVS+49+WAlLQgE
Static task
static1
Behavioral task
behavioral1
Sample
0a7b2e177130f79f28afe0c2f40eba8d7407ee346b4bf710aab1c461055be091.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
0a7b2e177130f79f28afe0c2f40eba8d7407ee346b4bf710aab1c461055be091.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
0a7b2e177130f79f28afe0c2f40eba8d7407ee346b4bf710aab1c461055be091
-
Size
42.1MB
-
MD5
8f8d83f16ce564d36e2a69a1f4e03c31
-
SHA1
c7238a500acb380f85f8d5c8bb8d5f396738dc27
-
SHA256
0a7b2e177130f79f28afe0c2f40eba8d7407ee346b4bf710aab1c461055be091
-
SHA512
6dee695d0671074b82cbf6131a91fa7521d24cff2f38ed6763aa57fe097a8e1809ac69b70c799956bd251a7e047672cef5d60e0805775c0473dc06eafde55e06
-
SSDEEP
786432:ZqHp5/WbZIgG6EBkvhUyR3zJ2zhEUcMjWP2lAKO7eqpsI49Ug6S6Y5l6vTsylLQL:ZSWzmB8GyRDIiULWVS+49+WAlLQgE
Score10/10-
BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
-
Bazar/Team9 Backdoor payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-