General

  • Target

    PC Installer.exe

  • Size

    1.8MB

  • Sample

    230410-qqpb5shf52

  • MD5

    67a09a2ffc6269af9161923fa7b6b183

  • SHA1

    15505b2d25f45c0923b51a7715e0c05ec93bafcc

  • SHA256

    f102a5b110551c066e9aed6b6666b13b81dd90065f8f3487ae4aa67edf3568f2

  • SHA512

    475a22d74f55c1e95c42db896fadb5b2c726232098c46572cb9f0960e19a15f20be001943058fe65ec289c01be1b60fbb653359a80ca52ea7bcb401636943578

  • SSDEEP

    49152:bV5gjm/5CxBM48d+WUbysctSumli1k48UcAQyqTKGEDt2/5CxBMGUf2ef:bVqjm/5CxrI3UmSuytI2/5Cxwf

Malware Config

Targets

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

    • Bazar/Team9 Backdoor payload

    • Drops file in Drivers directory

    • Sets file execution options in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks