General
- Target: 14a67616965e7a5aa56509a4d7bb727cdd3d41390d854695be84cda61fd588d2
- Size: 42.0MB
- Sample: 221007-j6fxdacbek
- MD5: 72ca9af6a3d2af7560dc2b29dba4665f
- SHA1: 278d6e7c55894d25bb4ebd23215ebd7d78b408e2
- SHA256: 14a67616965e7a5aa56509a4d7bb727cdd3d41390d854695be84cda61fd588d2
- SHA512: 406801496d7c26475e9b498f6363555e64344b5c0f3ff5bf9222c00310076759a35e52bc912e60305c95f479e2c8c4a34e667a4a3c77d087f2583368b43b2c89
- SSDEEP: 786432:Skoc/4rmLIVL0rG+HhqPw4n+4oJ4n5SMb7xcEI9pYQOMcW+DF+9A6ommn:SkZ/xxGIhqPPo+Soxq9pY/Pj+9AP
Static task
- static1
Behavioral task
- behavioral1: Sample 14a67616965e7a5aa56509a4d7bb727cdd3d41390d854695be84cda61fd588d2.exe, Resource win7-20220901-en
Behavioral task
- behavioral2: Sample 14a67616965e7a5aa56509a4d7bb727cdd3d41390d854695be84cda61fd588d2.exe, Resource win10v2004-20220812-en
Malware Config
Targets
Score: 10/10
- BazarBackdoor: Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
- Bazar/Team9 Backdoor payload
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger