General
-
Target
Shadow-Fight-2_com.nekki.shadowfight_gameslolc_24881322.exe
-
Size
2.7MB
-
Sample
230225-gqphgacb8s
-
MD5
dfd04a2324cce85466df915adca00971
-
SHA1
4c1d81e090fb044e32438d99e76ba236d285fffa
-
SHA256
f555bcbef5eb94bcb7d7beb0168feb8cd5bcf75236f385f2bc58405998b0aa0e
-
SHA512
af8c68a11dc9765c9d35f8d95d7ab9f776244b36184346998039855826bdd56417a6ba9dabb9df295da827bad0f853e67001d72b8e22d8d35c772d3eb0365f71
-
SSDEEP
49152:GvMEaA/BS7WQXBzdIXp6gvy6gLxfZQ6ugSoGltyrJplwwVwp5Vnu:Gyasiq66xRdu5UTlRwpnu
Malware Config
Targets
-
-
Target
Shadow-Fight-2_com.nekki.shadowfight_gameslolc_24881322.exe
-
Size
2.7MB
-
MD5
dfd04a2324cce85466df915adca00971
-
SHA1
4c1d81e090fb044e32438d99e76ba236d285fffa
-
SHA256
f555bcbef5eb94bcb7d7beb0168feb8cd5bcf75236f385f2bc58405998b0aa0e
-
SHA512
af8c68a11dc9765c9d35f8d95d7ab9f776244b36184346998039855826bdd56417a6ba9dabb9df295da827bad0f853e67001d72b8e22d8d35c772d3eb0365f71
-
SSDEEP
49152:GvMEaA/BS7WQXBzdIXp6gvy6gLxfZQ6ugSoGltyrJplwwVwp5Vnu:Gyasiq66xRdu5UTlRwpnu
Score10/10-
BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
-
Bazar/Team9 Backdoor payload
-
Blocklisted process makes network request
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-