General

Target: MDE_File_Sample_fe0cba1d9dd7a779a9c9c905cd27f00edcc0115e.zip
Size: 94.2MB
Sample: 230419-khwtcsbc2s
MD5: 6c2eb335c425cee770d1d562ae1cfb66
SHA1: 3400ec85857ddd3a7ddd806ca64d04dfb76a72e7
SHA256: c392cfc14008ee44b99625a3e9883efa542f05d1757171651f25be3fb37805c5
SHA512: 80248158de38c208bca7f5125a454de24c0c944886780494db7903af01ff6fbe588696876cd9326f14ff4363667a6638627308e599abb576d376519380decda3
SSDEEP: 1572864:dwokHzvWJwD+8DynrUGEDX2ey4b+HGzy62XjvftqTpChqxpWIdtF5a:dlkrWCNDIr1E6lmvEjXtqwhq/m
Behavioral task

behavioral1
Sample: 27051a.msi
Resource: win10v2004-20230220-en
Malware Config

Targets

Target: 27051a.msi
Size: 95.3MB
MD5: 3caeb5c8065a4092d0ddcdda54b799dd
SHA1: fe0cba1d9dd7a779a9c9c905cd27f00edcc0115e
SHA256: 0225cac020c2586c8e7798c66e382a9d75c18d139dde0cfc45408f467cc05fc4
SHA512: 2808c559655f500b5ccf17b82d6ec2617f7cfd842d5f3128e6494ea9506146ac66038ed46b5e6be9b0ca199e478438ffb5230c24836bc9f190a88a23f3e70f59
SSDEEP: 1572864:l3xKLc5iu1Qdky/wYB3LzR9XrqtaYi4D0q69jAknTx4JcKb9umdkGOm5tpeP:RI4j1QCyYEL+taYf56hXx4JRpuSxeP
Score: 10/10

Signatures

- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
- Bazar/Team9 Backdoor payload
- Blocklisted process makes network request
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks system information in the registry
  System information is often read in order to detect sandbox environments.