bazarbackdoor | 871650166ffb346d7a8642584e58aea90e544c56b54f145ed9444cdbd1baed60 | Triage

Submit
Reports

Overview

overview

Static

static

1

TLauncher-....5.exe

windows7-x64

TLauncher-....5.exe

windows10-2004-x64

7

Sharing

General

Target

TLauncher-2.871-Installer-1.0.5.exe
Size

21.7MB
Sample

230322-b1jr3sgb7v
MD5

e4a3403eb6afc48bef001b8a91036ba7
SHA1

2077bfa3b342e1f9b2c4095b24dad4267a482f6b
SHA256

871650166ffb346d7a8642584e58aea90e544c56b54f145ed9444cdbd1baed60
SHA512

4babb3db5948fb62e2acedc428e6fefc1bb2f122dedd74556362c71d3630ef73126f61012232d8c53429b126e78853afce074698881baecc85350a45b2a611b7
SSDEEP

393216:VXeuV/n85Pfs/dQETVlOBbpFEj9GZdqV56Hpk7IXOzDnKI17fyVC:VOux8hHExiTTqqHp6zvKcfyVC

Score

10^/10

bazarbackdoor backdoor discovery upx

Static task

static1

Behavioral task

behavioral1

Sample

TLauncher-2.871-Installer-1.0.5.exe

Resource

win7-20230220-en

bazarbackdoor backdoor discovery upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

TLauncher-2.871-Installer-1.0.5.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  TLauncher-2.871-Installer-1.0.5.exe
- Size
  
  21.7MB
- MD5
  
  e4a3403eb6afc48bef001b8a91036ba7
- SHA1
  
  2077bfa3b342e1f9b2c4095b24dad4267a482f6b
- SHA256
  
  871650166ffb346d7a8642584e58aea90e544c56b54f145ed9444cdbd1baed60
- SHA512
  
  4babb3db5948fb62e2acedc428e6fefc1bb2f122dedd74556362c71d3630ef73126f61012232d8c53429b126e78853afce074698881baecc85350a45b2a611b7
- SSDEEP
  
  393216:VXeuV/n85Pfs/dQETVlOBbpFEj9GZdqV56Hpk7IXOzDnKI17fyVC:VOux8hHExiTTqqHp6zvKcfyVC
Score

10^/10

bazarbackdoor backdoor discovery upx
- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
  backdoor bazarbackdoor
- Bazar/Team9 Backdoor payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bazarbackdoorbackdoordiscoveryupx

behavioral2

© 2018-2024

Terms | Privacy