bazarbackdoor | a0004c709e57bf251069a1ef097ff5fa47b7bb8cd99622fc6d0bd155f803e5ab | Triage

Submit
Reports

Overview

overview

Static

static

1

redirect.html

windows7-x64

redirect.html

windows10-2004-x64

1

Sharing

General

Target

redirect
Size

6KB
Sample

230404-s4bdjsgc94
MD5

e6279de86bd3f26bec60a8578735fa88
SHA1

b141a95f20b275000718fbf3c5122145327aad1c
SHA256

a0004c709e57bf251069a1ef097ff5fa47b7bb8cd99622fc6d0bd155f803e5ab
SHA512

0cc2b123ca9772a31ed2aa4ce36041e8083aa81a8dc89d53d1f25e38eba02d069d4e68eed7281e8ceab815ad2cc5da174ca065dcff063c40bdd9baa5e04f9355
SSDEEP

192:dFHLxX7777/77QF7o0LCARd4BBsIIgdOyF:dFr5HYi0MsIddOy

Score

10^/10

bazarbackdoor backdoor discovery evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

redirect.html

Resource

win7-20230220-en

bazarbackdoor backdoor discovery evasion trojan upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

redirect.html

Resource

win10v2004-20230220-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  redirect
- Size
  
  6KB
- MD5
  
  e6279de86bd3f26bec60a8578735fa88
- SHA1
  
  b141a95f20b275000718fbf3c5122145327aad1c
- SHA256
  
  a0004c709e57bf251069a1ef097ff5fa47b7bb8cd99622fc6d0bd155f803e5ab
- SHA512
  
  0cc2b123ca9772a31ed2aa4ce36041e8083aa81a8dc89d53d1f25e38eba02d069d4e68eed7281e8ceab815ad2cc5da174ca065dcff063c40bdd9baa5e04f9355
- SSDEEP
  
  192:dFHLxX7777/77QF7o0LCARd4BBsIIgdOyF:dFr5HYi0MsIddOy
Score

10^/10

bazarbackdoor backdoor discovery evasion trojan upx
- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
  backdoor bazarbackdoor
- Bazar/Team9 Backdoor payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bazarbackdoorbackdoordiscoveryevasiontrojanupx

behavioral2

© 2018-2024

Terms | Privacy