Overview

overview

10

Static

static

10

krisp-v1.21.1-x64.msi

windows7-x64

8

krisp-v1.21.1-x64.msi

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    krisp-v1.21.1-x64.msi

  • Size

    70MB

  • Sample

    230421-wf31fahb62

  • MD5

    e2d02c2d0d744411a0a6e2935dea4f84

  • SHA1

    fba0fcd0cff2c4ceda85c87ef2458558c8754401

  • SHA256

    10cba83ef3cbfdc6636647c9fe1c273ffd7e833cd88b93f9c9666e8449764a36

  • SHA512

    99681131e3cebee6416c4e08cbf766f36d8560a2c47eb160d4bdb6394bd038da9f58a2546f866d4a61c42423e08922e6ef1b432981f0f1d3f2d6931b9b926ae9

  • SSDEEP

    1572864:5bT5TAvyIckmyh4kzaYBqYeTPpCQiyjTtSEOWfd9rdnYjNxYfw8A:5bTtCaEaYBaPiCrOAFYjrYfw

Score
10/10
bazarbackdoorbackdoor

Malware Config

Targets

    • Target

      krisp-v1.21.1-x64.msi

    • Size

      70MB

    • MD5

      e2d02c2d0d744411a0a6e2935dea4f84

    • SHA1

      fba0fcd0cff2c4ceda85c87ef2458558c8754401

    • SHA256

      10cba83ef3cbfdc6636647c9fe1c273ffd7e833cd88b93f9c9666e8449764a36

    • SHA512

      99681131e3cebee6416c4e08cbf766f36d8560a2c47eb160d4bdb6394bd038da9f58a2546f866d4a61c42423e08922e6ef1b432981f0f1d3f2d6931b9b926ae9

    • SSDEEP

      1572864:5bT5TAvyIckmyh4kzaYBqYeTPpCQiyjTtSEOWfd9rdnYjNxYfw8A:5bTtCaEaYBaPiCrOAFYjrYfw

    Score
    10/10
    bazarbackdoorbackdoor

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

      backdoorbazarbackdoor

    • Bazar/Team9 Backdoor payload

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

2
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks