General
-
Target
88a66e7115caa4c1e11822248a64d8a6da70934dafd382627adde693fd918767
-
Size
42.5MB
-
Sample
221011-c5xeeabecn
-
MD5
f96ce21f37e356f59df71370cba4b71d
-
SHA1
785b724a8cb34b677b7fb0b9b770b9b27b689538
-
SHA256
88a66e7115caa4c1e11822248a64d8a6da70934dafd382627adde693fd918767
-
SHA512
0aa3107611282198d34ecb9c3a83aa56b0d3bbf92624104195c354864bf3053c7a4f6742df419c69a3cedd3688e9c719fc8bf4bd21bb4e450d8b09967980b330
-
SSDEEP
786432:T/n5lSOGApJPAHuXkw7/UQs2MMNixxG1cghRFbbraU3VvcMzztsIxeGX:bnGgAOXkw22sx8cEFbbGKNzz/wGX
Malware Config
Targets
-
-
Target
88a66e7115caa4c1e11822248a64d8a6da70934dafd382627adde693fd918767
-
Size
42.5MB
-
MD5
f96ce21f37e356f59df71370cba4b71d
-
SHA1
785b724a8cb34b677b7fb0b9b770b9b27b689538
-
SHA256
88a66e7115caa4c1e11822248a64d8a6da70934dafd382627adde693fd918767
-
SHA512
0aa3107611282198d34ecb9c3a83aa56b0d3bbf92624104195c354864bf3053c7a4f6742df419c69a3cedd3688e9c719fc8bf4bd21bb4e450d8b09967980b330
-
SSDEEP
786432:T/n5lSOGApJPAHuXkw7/UQs2MMNixxG1cghRFbbraU3VvcMzztsIxeGX:bnGgAOXkw22sx8cEFbbGKNzz/wGX
Score10/10-
BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
-
Bazar/Team9 Backdoor payload
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-