General
-
Target
cubebrowsersetup_x64_2_6_2.exe
-
Size
102.9MB
-
Sample
230329-fqgbeseg83
-
MD5
cb5d9790eb019a5b6470cbfee8bcc4e0
-
SHA1
9cb33dd94ec00cce858599fb35fa3787a72ea484
-
SHA256
bd354b3b96b0539f73b019d28c423b014942e1b450948e02633c9ebac0217c58
-
SHA512
e9113acb2b95420e3bfb5d4f22b02e5861de40358e084cab1bcba8756bad86ad75cf5d7946732e342219f858c3f35ba2c9db4941d990154a50f05d88b12cb5c5
-
SSDEEP
3145728:kzc1c12vU7Kg7ii2k4zcYr2ljsuHb+VBfAeIO+Pb:kzc1s2vUJ7JcT5u71eIO+Pb
Malware Config
Targets
-
-
Target
cubebrowsersetup_x64_2_6_2.exe
-
Size
102.9MB
-
MD5
cb5d9790eb019a5b6470cbfee8bcc4e0
-
SHA1
9cb33dd94ec00cce858599fb35fa3787a72ea484
-
SHA256
bd354b3b96b0539f73b019d28c423b014942e1b450948e02633c9ebac0217c58
-
SHA512
e9113acb2b95420e3bfb5d4f22b02e5861de40358e084cab1bcba8756bad86ad75cf5d7946732e342219f858c3f35ba2c9db4941d990154a50f05d88b12cb5c5
-
SSDEEP
3145728:kzc1c12vU7Kg7ii2k4zcYr2ljsuHb+VBfAeIO+Pb:kzc1s2vUJ7JcT5u71eIO+Pb
Score10/10-
BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
-
Bazar/Team9 Backdoor payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-