bazarbackdoor | e132be19bc7ae8a96d3d620710fa26b614e022abecccc161ad733eff732afcd6 | Triage

Submit
Reports

Overview

overview

Static

static

1

TLauncher-....1.exe

windows7-x64

TLauncher-....1.exe

windows10-2004-x64

7

Sharing

General

Target

TLauncher-2.879-Installer-1.1.1.exe
Size

22.6MB
Sample

230430-ln1vyahc87
MD5

c4ceda8c435298d23cc40a842f426d61
SHA1

c7337094f09852b00a815950e96f3292295e9e15
SHA256

e132be19bc7ae8a96d3d620710fa26b614e022abecccc161ad733eff732afcd6
SHA512

25e74422d3b7adeb0cc805bbe41298d4e0fcf984b038c63a3a4faeea16e10a18f113c9a7d946e16f377ad9e3a5ca0a6425d7650b62c1e5db9ee2299e9921f52b
SSDEEP

393216:LXfgqusAgbGPfs/dQETVlOBbpFEjdGphRqV56Hpkf+V4scTKAjENq3:LvtDpsHExi73qqHpg+Vvc+Amc

Score

10^/10

bazarbackdoor backdoor discovery upx

Static task

static1

Behavioral task

behavioral1

Sample

TLauncher-2.879-Installer-1.1.1.exe

Resource

win7-20230220-en

bazarbackdoor backdoor discovery upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

TLauncher-2.879-Installer-1.1.1.exe

Resource

win10v2004-20230221-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  TLauncher-2.879-Installer-1.1.1.exe
- Size
  
  22.6MB
- MD5
  
  c4ceda8c435298d23cc40a842f426d61
- SHA1
  
  c7337094f09852b00a815950e96f3292295e9e15
- SHA256
  
  e132be19bc7ae8a96d3d620710fa26b614e022abecccc161ad733eff732afcd6
- SHA512
  
  25e74422d3b7adeb0cc805bbe41298d4e0fcf984b038c63a3a4faeea16e10a18f113c9a7d946e16f377ad9e3a5ca0a6425d7650b62c1e5db9ee2299e9921f52b
- SSDEEP
  
  393216:LXfgqusAgbGPfs/dQETVlOBbpFEjdGphRqV56Hpkf+V4scTKAjENq3:LvtDpsHExi73qqHpg+Vvc+Amc
Score

10^/10

bazarbackdoor backdoor discovery upx
- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
  backdoor bazarbackdoor
- Bazar/Team9 Backdoor payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bazarbackdoorbackdoordiscoveryupx

behavioral2

© 2018-2024

Terms | Privacy