bazarbackdoor | 666dcc84d26ea7ba79228f744f9caeac1192a9f274a5e795cc9e9352d41d80f3 | Triage

Submit
Reports

Overview

overview

Static

static

1

iTunesSetu...YT.exe

windows7-x64

iTunesSetu...YT.exe

windows10-2004-x64

Sharing

General

Target

iTunesSetup64BitsPorLimonTouchYT.exe
Size

264.9MB
Sample

230310-tryhzsgc5w
MD5

f50aeff9ee0031bfb28c860ea2c0f3ad
SHA1

7b317da13c3d0e463f73c27123a69379c4dbfd9d
SHA256

666dcc84d26ea7ba79228f744f9caeac1192a9f274a5e795cc9e9352d41d80f3
SHA512

4dddad8a53a09dc97b55c2d091cfc7f743a73398632301d578c53d1d7d32941b79a6f2eea6af5fa260f2e8ff767bc98aa73abda5a5f10964513462e792ce3342
SSDEEP

6291456:rvKMpdD1mWqV32SJu8bkTiV0mIskk1oxic34VY3OyA:rv5q5bvPTk10mO

Score

10^/10

bazarbackdoor backdoor evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

iTunesSetup64BitsPorLimonTouchYT.exe

Resource

win7-20230220-en

bazarbackdoor backdoor

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

iTunesSetup64BitsPorLimonTouchYT.exe

Resource

win10v2004-20230220-en

bazarbackdoor backdoor evasion persistence

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  iTunesSetup64BitsPorLimonTouchYT.exe
- Size
  
  264.9MB
- MD5
  
  f50aeff9ee0031bfb28c860ea2c0f3ad
- SHA1
  
  7b317da13c3d0e463f73c27123a69379c4dbfd9d
- SHA256
  
  666dcc84d26ea7ba79228f744f9caeac1192a9f274a5e795cc9e9352d41d80f3
- SHA512
  
  4dddad8a53a09dc97b55c2d091cfc7f743a73398632301d578c53d1d7d32941b79a6f2eea6af5fa260f2e8ff767bc98aa73abda5a5f10964513462e792ce3342
- SSDEEP
  
  6291456:rvKMpdD1mWqV32SJu8bkTiV0mIskk1oxic34VY3OyA:rv5q5bvPTk10mO
Score

10^/10

bazarbackdoor backdoor evasion persistence
- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
  backdoor bazarbackdoor
- Modifies firewall policy service
  evasion
- Bazar/Team9 Backdoor payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bazarbackdoorbackdoor

behavioral2

bazarbackdoorbackdoorevasionpersistence

© 2018-2024

Terms | Privacy