bazarbackdoor | 318df7404e6c4d5538a6d31997b95af52bbb8d40caf5553b3cbd9b1bc4f6db96 | Triage

Submit
Reports

Overview

overview

Static

static

1

TLauncher-...al.exe

windows7-x64

TLauncher-...al.exe

windows10-2004-x64

7

Sharing

General

Target

TLauncher-2.871-Installer-1.0.6-global.exe
Size

23.6MB
Sample

230419-d5h3fshh2w
MD5

7a4472a78d0651e11d20aa08e43cc045
SHA1

aab1d5f80d7399ae2c1982201733be7681d100b1
SHA256

318df7404e6c4d5538a6d31997b95af52bbb8d40caf5553b3cbd9b1bc4f6db96
SHA512

c152c9d21b0615548173dcc61accb1a1afd5b6f98e6ec21f6a7119536397f07a54ad4087669716c3344dd338ce4f24cecf9989d472f65eaa18c87d496f23c681
SSDEEP

393216:gXQLpnUN/n8IPfs/dQETVlOBbpFEj9GZ1GphRqV56Hpk7IXOzDnKI17fyVS:ggLFUp8aHExiTI3qqHp6zvKcfyVS

Score

10^/10

bazarbackdoor backdoor discovery upx

Static task

static1

Behavioral task

behavioral1

Sample

TLauncher-2.871-Installer-1.0.6-global.exe

Resource

win7-20230220-en

bazarbackdoor backdoor discovery upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

TLauncher-2.871-Installer-1.0.6-global.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  TLauncher-2.871-Installer-1.0.6-global.exe
- Size
  
  23.6MB
- MD5
  
  7a4472a78d0651e11d20aa08e43cc045
- SHA1
  
  aab1d5f80d7399ae2c1982201733be7681d100b1
- SHA256
  
  318df7404e6c4d5538a6d31997b95af52bbb8d40caf5553b3cbd9b1bc4f6db96
- SHA512
  
  c152c9d21b0615548173dcc61accb1a1afd5b6f98e6ec21f6a7119536397f07a54ad4087669716c3344dd338ce4f24cecf9989d472f65eaa18c87d496f23c681
- SSDEEP
  
  393216:gXQLpnUN/n8IPfs/dQETVlOBbpFEj9GZ1GphRqV56Hpk7IXOzDnKI17fyVS:ggLFUp8aHExiTI3qqHp6zvKcfyVS
Score

10^/10

bazarbackdoor backdoor discovery upx
- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
  backdoor bazarbackdoor
- Bazar/Team9 Backdoor payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bazarbackdoorbackdoordiscoveryupx

behavioral2

© 2018-2024

Terms | Privacy