bazarbackdoor | 0ec87e23086f2954dccd869ed920c070a200ebe5592e41ae9ae1c5cd8013d8b3 | Triage

Submit
Reports

Overview

overview

Static

static

1

disable-devtool.html

windows7-x64

disable-devtool.html

windows10-2004-x64

1

Sharing

General

Target

disable-devtool
Size

6KB
Sample

230402-ff2jlseg57
MD5

52e11736d611c09aef6081ae8655387e
SHA1

240254d8a05b2da8fa268093d6d8f5e5e53d7c5f
SHA256

0ec87e23086f2954dccd869ed920c070a200ebe5592e41ae9ae1c5cd8013d8b3
SHA512

4d66419e762ef0b85fab9fdb10bafcd070a7998d5186e770b1269e21d65debe9c10f9157b9deb08426b596689631d8a08da2817711caf06147f2975d4ea229e2
SSDEEP

192:1d/tFvaJB5fqAMbRe5P8CoLzBIqgD+5PHUhM:jlF5rCoLzBIqN+M

Score

10^/10

bazarbackdoor backdoor discovery upx

Static task

static1

Behavioral task

behavioral1

Sample

disable-devtool.html

Resource

win7-20230220-en

bazarbackdoor backdoor discovery upx

windows7-x64

25 signatures

1800 seconds

Behavioral task

behavioral2

Sample

disable-devtool.html

Resource

win10v2004-20230220-en

windows10-2004-x64

8 signatures

1800 seconds

Malware Config

Targets

- Target
  
  disable-devtool
- Size
  
  6KB
- MD5
  
  52e11736d611c09aef6081ae8655387e
- SHA1
  
  240254d8a05b2da8fa268093d6d8f5e5e53d7c5f
- SHA256
  
  0ec87e23086f2954dccd869ed920c070a200ebe5592e41ae9ae1c5cd8013d8b3
- SHA512
  
  4d66419e762ef0b85fab9fdb10bafcd070a7998d5186e770b1269e21d65debe9c10f9157b9deb08426b596689631d8a08da2817711caf06147f2975d4ea229e2
- SSDEEP
  
  192:1d/tFvaJB5fqAMbRe5P8CoLzBIqgD+5PHUhM:jlF5rCoLzBIqN+M
Score

10^/10

bazarbackdoor backdoor discovery upx
- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
  backdoor bazarbackdoor
- Bazar/Team9 Backdoor payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bazarbackdoorbackdoordiscoveryupx

behavioral2

© 2018-2024

Terms | Privacy