General
-
Target
Stack of money and gold coins 3d cartoon style icon.jpg
-
Size
1.4MB
-
Sample
230310-298exaff83
-
MD5
1598b5567488f34bcfe0ad1eae92957a
-
SHA1
5d2ff1a667799435cfc1665c67a64c1d0e3f95b8
-
SHA256
610d1dbf3f80cfbe020d1fcbd7ee377cfc996de1237eaae7368097b7bc5703b3
-
SHA512
3a55830056e8af361145348a89a315abe45e8d9f517a03f74c5d1aec131382020ffcc44095e5e9a443223c4866317895d51a50234a81aa2c48c40dace6a60ddf
-
SSDEEP
24576:CScJY1EosNy7y7qvzItm5XUVnmZxLHXiJzd3mFaf+:C1JYuMzEm2QxLH+JmoW
Malware Config
Targets
-
-
Target
Stack of money and gold coins 3d cartoon style icon.jpg
-
Size
1.4MB
-
MD5
1598b5567488f34bcfe0ad1eae92957a
-
SHA1
5d2ff1a667799435cfc1665c67a64c1d0e3f95b8
-
SHA256
610d1dbf3f80cfbe020d1fcbd7ee377cfc996de1237eaae7368097b7bc5703b3
-
SHA512
3a55830056e8af361145348a89a315abe45e8d9f517a03f74c5d1aec131382020ffcc44095e5e9a443223c4866317895d51a50234a81aa2c48c40dace6a60ddf
-
SSDEEP
24576:CScJY1EosNy7y7qvzItm5XUVnmZxLHXiJzd3mFaf+:C1JYuMzEm2QxLH+JmoW
Score10/10-
BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
-
Bazar/Team9 Backdoor payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-