bazarbackdoor | 45d8f58be85155165282d500c6cb8e135c66791294c85362ff43f541ab9f8d8c | Triage

Submit
Reports

Overview

overview

Static

static

ProxyChecker.exe

windows7-x64

Sharing

General

Target

ProxyChecker.exe
Size

9.2MB
Sample

221218-x4ehesde52
MD5

282a174261a5c0fdec33cada88a324e4
SHA1

286d8b4aac44268445bb768f67131cd699fc744d
SHA256

45d8f58be85155165282d500c6cb8e135c66791294c85362ff43f541ab9f8d8c
SHA512

31e5c227d6ef3ed0e6d1373cfedda54993d484cbe2bfc680ad8e71d089aab791a422903e80755002833cce72d6260c8ed53cb632e651664dca28824077f02294
SSDEEP

196608:x6ZLA0XTNTX5k+5ykc9EZXwJAinGPNbv0mlqzosG:x6S0F5ki+qYyND0mlqzosG

Score

10^/10

bazarbackdoor adware backdoor persistence stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

ProxyChecker.exe

Resource

win7-20220812-en

bazarbackdoor adware backdoor persistence stealer upx

windows7-x64

25 signatures

1800 seconds

Malware Config

Targets

- Target
  
  ProxyChecker.exe
- Size
  
  9.2MB
- MD5
  
  282a174261a5c0fdec33cada88a324e4
- SHA1
  
  286d8b4aac44268445bb768f67131cd699fc744d
- SHA256
  
  45d8f58be85155165282d500c6cb8e135c66791294c85362ff43f541ab9f8d8c
- SHA512
  
  31e5c227d6ef3ed0e6d1373cfedda54993d484cbe2bfc680ad8e71d089aab791a422903e80755002833cce72d6260c8ed53cb632e651664dca28824077f02294
- SSDEEP
  
  196608:x6ZLA0XTNTX5k+5ykc9EZXwJAinGPNbv0mlqzosG:x6S0F5ki+qYyND0mlqzosG
Score

10^/10

bazarbackdoor adware backdoor persistence stealer upx
- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
  backdoor bazarbackdoor
- Bazar/Team9 Backdoor payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bazarbackdooradwarebackdoorpersistencestealerupx

© 2018-2024

Terms | Privacy