General
-
Target
52a4b5c2b42cc782ad438ee4e1b6b15327aa55e4b5156fdcbebabe09d87f612d
-
Size
41.7MB
-
Sample
230301-le1htafb5z
-
MD5
a6409238576ab8e22969e26430a23e2c
-
SHA1
f0e56958ba084a78d45be57a94cfb496ebe3adcd
-
SHA256
52a4b5c2b42cc782ad438ee4e1b6b15327aa55e4b5156fdcbebabe09d87f612d
-
SHA512
101bf300aebf6015964befa1d3b226bec08e919bf58ec69c641a087905009660d62d33f62c7e8de5ebcbd689333eccafff02e3854e870e2eafd38cebdab0f3ef
-
SSDEEP
786432:azzscsr8/fewB0XWU0BhYduZcf7DfD/Hypzj3Fc2/67f+irh:acrWfe0U/duZuDLHypPVC7f/rh
Malware Config
Targets
-
-
Target
52a4b5c2b42cc782ad438ee4e1b6b15327aa55e4b5156fdcbebabe09d87f612d
-
Size
41.7MB
-
MD5
a6409238576ab8e22969e26430a23e2c
-
SHA1
f0e56958ba084a78d45be57a94cfb496ebe3adcd
-
SHA256
52a4b5c2b42cc782ad438ee4e1b6b15327aa55e4b5156fdcbebabe09d87f612d
-
SHA512
101bf300aebf6015964befa1d3b226bec08e919bf58ec69c641a087905009660d62d33f62c7e8de5ebcbd689333eccafff02e3854e870e2eafd38cebdab0f3ef
-
SSDEEP
786432:azzscsr8/fewB0XWU0BhYduZcf7DfD/Hypzj3Fc2/67f+irh:acrWfe0U/duZuDLHypPVC7f/rh
Score10/10-
BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
-
Bazar/Team9 Backdoor payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-