General
Target: ProxyChecker.exe
Size: 9.2MB
Sample: 221218-x4ehesde52
MD5: 282a174261a5c0fdec33cada88a324e4
SHA1: 286d8b4aac44268445bb768f67131cd699fc744d
SHA256: 45d8f58be85155165282d500c6cb8e135c66791294c85362ff43f541ab9f8d8c
SHA512: 31e5c227d6ef3ed0e6d1373cfedda54993d484cbe2bfc680ad8e71d089aab791a422903e80755002833cce72d6260c8ed53cb632e651664dca28824077f02294
SSDEEP: 196608:x6ZLA0XTNTX5k+5ykc9EZXwJAinGPNbv0mlqzosG:x6S0F5ki+qYyND0mlqzosG
Static task: static1
Behavioral task: behavioral1
Sample: ProxyChecker.exe
Resource: win7-20220812-en
Malware Config
Targets
Target: ProxyChecker.exe
Score: 10/10
BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

Bazar/Team9 Backdoor payload

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Registers COM server for autorun

Loads dropped DLL

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Drops file in System32 directory