bazarbackdoor | 020048505e3e7ebc9b4f556b1a9925677922bfc4c6ed94cba0e96dd89f82a75a

Sharing

Copy URL

Twitter E-mail

General

Target

Office_Professional_Plus_2016_32Bit_Spanish.ISO
Size

819.9MB
Sample

230123-x73z7agf6z
MD5

fe4ed7bad0a2cc5387858d64e0fa79af
SHA1

9e1f844ec69c2e0dd3332a3fda14f02a7ec3cd3a
SHA256

020048505e3e7ebc9b4f556b1a9925677922bfc4c6ed94cba0e96dd89f82a75a
SHA512

cf23a55d3ab318047a07c8e25c223ad887611b0740f0e87f48b3f04478302d44bce2aadf4732a4ce3850df5facd9ed146053d6c73474e3cbe2602d1c6627ffe1
SSDEEP

12582912:klEsp9udx1Pkuio37Iq8reEe1Z58pp4ipm+aTv+rfNr+Qc1PIs8Xow:kFpUdxdxHkdbeTup43B4FaQc1PIs8Yw

Score

10^/10

Malware Config

Targets

- Target
  
  admin/en-us/octres.dll
- Size
  
  408KB
- MD5
  
  c3cfb928cf7bb5e099c8d0db7a5a67fd
- SHA1
  
  07589be09ddeb2ee20123e2317937fc97f5cccc1
- SHA256
  
  f805d276ff30e48639e0d5d0888fc618dd75c3fefae7b2aaeb08c7ce250ccaa0
- SHA512
  
  bead455b8e198ee026d64c87f5b329476ab9be0e5ba482c4543c7d0b4c65d5386c1bf6b225a15852468e7d1723377e069742c78280601f7ffc79ed459215d812
- SSDEEP
  
  3072:t2Gh8/0D7UGIPCDT3iek/o3Dt0em/9oDhNMKEY4blS6Fx:t337nhP3iN/o6FonMl
Score

1^/10
behavioral1 behavioral2
- Target
  
  admin/es-es/octres.dll
- Size
  
  427KB
- MD5
  
  3f6cc50e93f4250c7ec39befa6928140
- SHA1
  
  18e2e14a1c939a454ba1b8ae3b59666ba569d03d
- SHA256
  
  aa18b5c078c224764033e5027f74f30c6b806654b3342c30bc5cad8d207152db
- SHA512
  
  7f064164e7ed9888f0a8cdab26166aff3d9568e175ee979590cb82bc51bab28324dc844e8d75f7bc8534f8f09e80c66f595382bb87e072bca5cbae3eac067cdf
- SSDEEP
  
  3072:Z2Gh8/0D7UGIPCDT3iek/o3Dt0em/v9Ds5pl89Q0WXX:Z337nhP3iN/o6G5pl89Qt
Score

1^/10
behavioral3 behavioral4
- Target
  
  admin/fr-fr/octres.dll
- Size
  
  429KB
- MD5
  
  7e2b2e8b6d6b7938d61a674b0309048d
- SHA1
  
  707639967c5acf35f0285bdeb32c5440ada55dbe
- SHA256
  
  5f419b049f6b6fae302814140ff4652342001f2b889da4b8ff6b27a7f9d62521
- SHA512
  
  3f459db6f29ce04ecab57b1d4261ca2fc873934eabae1c021916c3186f7b08fac21b1a59863cc1a556d5d6df054e4f8957cb959ad80402ec6aa03ee1dedd3f00
- SSDEEP
  
  3072:Y2Gh8/0D7UGIPCDT3iek/o3Dt0em/JUmqORZ9mhT:Y337nhP3iN/o6OOM
Score

1^/10
behavioral5 behavioral6
- Target
  
  admin/it-it/octres.dll
- Size
  
  424KB
- MD5
  
  a3c3e9b10d76bbf5168fa1a3ee692e7b
- SHA1
  
  339756125f76406489c47fc5ec9cb1e8935006cc
- SHA256
  
  3b06820ed15a631c1577d1cafc9e2b8cf60283dd1d943d1a3e3869a2f5b4b6ff
- SHA512
  
  27fa768a8be6ee22be3b63295d4cb9e63ca6f971bcdf801f09a8c11d3530d296022ede4f60b8565246282e4791fd176d8cfa61463a3c03a03bd6411343123288
- SSDEEP
  
  3072:N2Gh8/0D7UGIPCDT3iek/o3Dt0em/ovOA3qIX68egLJXgT91L2cq:N337nhP3iN/o6t8e4
Score

1^/10
behavioral7 behavioral8
- Target
  
  admin/ja-jp/octres.dll
- Size
  
  390KB
- MD5
  
  c90a6cf0e21e59a5b9f66b4cf4e341b3
- SHA1
  
  94ea2f0d3b8468e27b6f10d2924cd49e82047921
- SHA256
  
  41b91c3dd42ccce7273dd73d62cec8f7b12613582f4229c3a99efa5a0e734ad5
- SHA512
  
  99b429ded65011927861901f927a5508218fed7cdd83aa30e52cb52ccbce614249a60515f72741978bba801a2d80111ccfa38126f61457aa3db6e2a170015fed
- SSDEEP
  
  3072:a2Gh8/0D7UGIPCDT3iek/o3Dt0em/+SJq8fxEOoCh87j:a337nhP3iN/o6WEEOoe4
Score

1^/10
behavioral10 behavioral9
- Target
  
  admin/ko-kr/octres.dll
- Size
  
  387KB
- MD5
  
  d4b656a5d520af03b67c81b340bcc5ca
- SHA1
  
  55c1b8442bb9be6d5eafdbb9e0089ff8e3d29680
- SHA256
  
  9440d84a9a301f481466485a7c8898386c09bdac54f8458d11ab25b29b256053
- SHA512
  
  a63a171318b5c2f4885ae98df19b1659f7375a59cffd57cae11b3e047c3c176fa86554cfbc93201df705bf4bc2d2bb8dfa536a3f097cb7269c5abc126741ad2c
- SSDEEP
  
  3072:K2Gh8/0D7UGIPCDT3iek/o3Dt0em/Wcu+7tw1Bpf:K337nhP3iN/o69uH
Score

1^/10
behavioral11 behavioral12
- Target
  
  admin/oct.dll
- Size
  
  4.8MB
- MD5
  
  218cf4adced2c05d969563cbc483510a
- SHA1
  
  8e52ff08de41440218423149d2aad6873295380b
- SHA256
  
  cc8e03eb9dd7b89b92b7e60d59478c6a7697e825438290de8aa6acc02bab0174
- SHA512
  
  7468e47bb11a64036fa6afb7a1236ca69aa8c203881fecaae5af78fa6d9dd23045911cb24820a3a1318c835656dcd90f586060d453a02925d6b6137c979f68e8
- SSDEEP
  
  49152:G1Foq7ClKhuTe6A42iMXwTJMUI/VO/dLZwUziV5T31R1ayMJY4F8OTF+0:G1F+KUe6DIQ/biPcY8
Score

3^/10
behavioral13 behavioral14
- Target
  
  admin/octca.dll
- Size
  
  124KB
- MD5
  
  8362426e1c47489ab141db1f52e2e4b6
- SHA1
  
  1a4f7eb0d3f9f0ea74b477f75bbb7fc07f83f7e5
- SHA256
  
  fba05af9a65969f28d0d02fe01feb0af432c9eea38e00e33cfd4676a2ec5a43e
- SHA512
  
  47fe87a1674fdca65deffbc3b29b2c0642351e26f17b370912f216e29daaedab7140b3ef830616cc43426acda1c58669f170ecb2811a503c3fed5efe13370ce5
- SSDEEP
  
  3072:gpjd7gDeiv4uMfoVszU0FyvX62NFVlAYl8L4ZzP:OgDexuEzU0Sl1g4ZD
Score

1^/10
behavioral15 behavioral16
- Target
  
  admin/pt-br/octres.dll
- Size
  
  421KB
- MD5
  
  2eadfe4084f9a34c2b3e265dbf9e2058
- SHA1
  
  75c615fa9420016462583310a9f331c09d4e6178
- SHA256
  
  a1efb27c2fd8e2e552e88d623ce7847132c42fbb5e4f6082d900f7a42764781d
- SHA512
  
  5b00946f9464f7b7f07c952f799ec821e63397aab9ac250a23930ff84da3544bd2a3ccb476cbbb4d73d51303edfb0f8c84b55c2dae054038c88680399fcdbf79
- SSDEEP
  
  3072:N+2Gh8/0D7UGIPCDT3iek/o3Dt0em/q9QgXLsyA9AFmZ8sLnUea:N+337nhP3iN/o65dU
Score

1^/10
behavioral17 behavioral18
- Target
  
  admin/ru-ru/octres.dll
- Size
  
  419KB
- MD5
  
  ba9037f5defddf7d6ab69fb288c66921
- SHA1
  
  6df93d364455458652b1175b80b65406e81eb7b5
- SHA256
  
  b7b7a7be5bbf62e9973bf2040af920d0378613f39a98dc2325abb4e9de7d9e0c
- SHA512
  
  959b5cdd88d237ce3bdf9462ca409fef84530b4724761641efc8109e89f427956cbe3e2c7ff127b7250fd74d954e4a77fe1333fe222b0a9079b59b9287c3bbf9
- SSDEEP
  
  3072:n2Gh8/0D7UGIPCDT3iek/o3Dt0em/QckeNPhvlP:n337nhP3iN/o6TPht
Score

1^/10
behavioral19 behavioral20
- Target
  
  admin/zh-cn/octres.dll
- Size
  
  378KB
- MD5
  
  1ff26b0c65c29c8cb53b28299b8349e6
- SHA1
  
  3e80bc2340938bf6d33e9c4f20dcfe9429b346e3
- SHA256
  
  da34e222b069dd035ee8732a2b1417c5a6e0227b2fc81cdf647c68fe912f230e
- SHA512
  
  8a924f253c50140f4a906529a2ca9dddd3e67b9daf9866e6a628fb44482664c0d75c2a8232289db887a42ffe891ddd0d759f2db26f49b483cd30caab08d3f30e
- SSDEEP
  
  3072:c2Gh8/0D7UGIPCDT3iek/o3Dt0em/t5TllNUECyqE:c337nhP3iN/o6zllNUECG
Score

1^/10
behavioral21 behavioral22
- Target
  
  admin/zh-tw/octres.dll
- Size
  
  379KB
- MD5
  
  c9499bee426df7234382d78edd4b7ada
- SHA1
  
  b9b501da42ae69d1fe1dca67b5dd7e04c82e12d5
- SHA256
  
  dc2d2c29eca34965ab3b788d1956ca1aa5b19b45e5410127d1d12b99cbffe124
- SHA512
  
  f167cc7abdca9986911c7cdee5864d76931277f19de47e7c85b1d05e63b461884743f3cede3955a37a5fb7389d41ffb23f6ad38d6173de8644578a08ed44b0d2
- SSDEEP
  
  3072:Vc2Gh8/0D7UGIPCDT3iek/o3Dt0em/hCJTpoaz3/C:C337nhP3iN/o6JCop
Score

1^/10
behavioral23 behavioral24
- Target
  
  dcf.es-es/dcfmui.msi
- Size
  
  2.3MB
- MD5
  
  a0543b894c018380cc5e868f3f168069
- SHA1
  
  583ec7da66ba57ba1fb4415380259614117e74ae
- SHA256
  
  42de4102487e0ca49c4968f1109ba98abb970600eda32ac0eb11e489bd9fb8d0
- SHA512
  
  c51e9ff337a37a593dbc91a34de66d16a045862f0d735c8dea65fb8885ce9f21bb55940643315a357a56de5db4a2de41571d44fef073b7cd93bd715ea32bc932
- SSDEEP
  
  49152:IhIu+svi4ut1yFXyzEKqle+93GwtF2VbIPk9u:IhIuFvPut1WKM3Gw7Yb
Score

7^/10
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral25 behavioral26
- Target
  
  excel.es-es/excelmui.msi
- Size
  
  2.3MB
- MD5
  
  7929ced90a0ae0bc555008de48126723
- SHA1
  
  364d7b13c9e61221e6f8e427329656d85790d10c
- SHA256
  
  1fb86adb56d0b0a13dc974f82673ffdea4021c9c2210bfd97d9aa87b873d84b8
- SHA512
  
  808cb914c3d826f379ab59c7aa787dc088e4246e84885b0edb73967fe21ea283b87f7baeabed00a63eba8b25ce72b678c0137cc5c1eeb31edd1f6cad58acccbb
- SSDEEP
  
  49152:fhIu+svi4ut1yFXyzEKqle+93GwtF2Vb+kbo:fhIuFvPut1WKM3Gw7Yb
Score

7^/10
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral27 behavioral28
- Target
  
  groove.es-es/groovemui.msi
- Size
  
  2.3MB
- MD5
  
  e50796bc085e0be45df6f0f61819ac16
- SHA1
  
  cd7d5515646fb357e879def013d2ff49149c6a90
- SHA256
  
  8c0411e735d2e7feb7b6000bb572f5c2b7dba6b5eb88f4507687812c9400f823
- SHA512
  
  c9d804399ef5a7d54c50a09905d10383eb89b4726b95fafe84d03633ea50062db575afb337cf810ca3fa13a0d7fb42647bcb17b728b6244b3e8e1dc3db88a0b2
- SSDEEP
  
  49152:ZhIu+svi4ut1yFXyzEKqle+93GwtF2VbJPkXt:ZhIuFvPut1WKM3Gw7Yb
Score

7^/10
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral29 behavioral30
- Target
  
  infopath.es-es/infopathmui.msi
- Size
  
  2.3MB
- MD5
  
  5843b660e3f623198ed42a889dbe5483
- SHA1
  
  9355cac7b3685db39af5fe9c6dc1a0f419a72e91
- SHA256
  
  891fc2f5b17120da454002242eec8c821b378a10f3ffda3bbf5a722053efbfb4
- SHA512
  
  e9a4540de7d4f6102cf25c4af42158a2ed5ef190ab5ad28b1c26633941fe0fb0e6ff0d5e95d9fadc2f0a3ea54e210098e0a2568b4616d4c04d82b8b18270e42e
- SSDEEP
  
  49152:ZhIu+svi4ut1yFXyzEKqle+93GwtF2VbUPkE1:ZhIuFvPut1WKM3Gw7Yb
Score

8^/10
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Enumerates connected drives

Loads dropped DLL

Enumerates connected drives

Loads dropped DLL

Enumerates connected drives

Blocklisted process makes network request

Loads dropped DLL

Enumerates connected drives

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32