General

  • Target

    1ae793fb1d53cf5b1b393c348592220eec76d6def504dcb09f4686920d2e28d2

  • Size

    332KB

  • Sample

    200910-yc81hdjgh2

  • MD5

    a41429f7dbecfb76e6b7534afbeb4f74

  • SHA1

    68f48d169b4f62189b3e43c3615aa7e4314e9459

  • SHA256

    1ae793fb1d53cf5b1b393c348592220eec76d6def504dcb09f4686920d2e28d2

  • SHA512

    6957ba5090a5e36feec28fb5d4abeab7ec068ceb212bc7b3f2a10ac568f80b4a925e5d9b0815fc9e936897924c51d9c51fa1af35da508b2d6e0a179c26797bf6

Malware Config

Targets

    • Target

      1ae793fb1d53cf5b1b393c348592220eec76d6def504dcb09f4686920d2e28d2

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

    • Bazar/Team9 Backdoor payload

    • Tries to connect to .bazar domain

      Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is a common step in process injection (for example process hollowing), used to redirect the thread to attacker-supplied code.
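
The ".bazar" signature is the easiest of these to turn into a network detection: .bazar is an EmerDNS zone served by the Emercoin blockchain rather than by ICANN DNS, so a corporate resolver cannot answer it and any query for such a name is anomalous, whatever the response code. The following Python scan is an added example, not part of the sandbox report or the Bazar tooling. It runs over a constructed, simplified tab-separated DNS query log (timestamp, client IP, query name, query type, response code); the log layout and the query names are assumptions made for illustration, and it generalizes the report's .bazar check to the other EmerDNS zones (.coin, .emc, .lib).

```python
"""Flag DNS queries for EmerDNS blockchain TLDs (.bazar and friends) in a query log.

Added example for this report, not sandbox output. The log format is a constructed,
simplified tab-separated layout; adapt parse_line() to your resolver's real format.
"""
from collections import Counter
from typing import Dict, Iterable, List, Optional, Tuple

# EmerDNS zones are resolved through the Emercoin blockchain, not ICANN DNS, so a
# normal corporate resolver cannot answer them. ".bazar" is the zone this report
# flags; the other three are the remaining EmerDNS zones (assumption: alert on all).
EMERDNS_TLDS = frozenset({"bazar", "coin", "emc", "lib"})


def tld_of(qname: str) -> str:
    """Return the lower-cased rightmost label of a query name ("" if there is none)."""
    labels = qname.strip().rstrip(".").lower().split(".")
    return labels[-1] if labels and labels[-1] else ""


def is_emerdns_query(qname: str) -> bool:
    """True only when the TLD itself is an EmerDNS zone.

    'bazar.example.com' and 'shop.mybazar.com' must not match; only names whose
    final label is one of EMERDNS_TLDS do, regardless of case or a trailing dot.
    """
    return tld_of(qname) in EMERDNS_TLDS


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one constructed log line; None for blank, comment or malformed lines."""
    if not line.strip() or line.startswith("#"):
        return None
    parts = line.rstrip("\n").split("\t")
    if len(parts) != 5:
        return None
    ts, client, qname, qtype, rcode = parts
    return {"ts": ts, "client": client, "query": qname, "qtype": qtype, "rcode": rcode}


def scan_dns_log(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return every record whose query name ends in an EmerDNS TLD.

    The response code is deliberately ignored: the corporate resolver will usually
    answer NXDOMAIN or SERVFAIL for these names, and that failed lookup is the signal.
    """
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and is_emerdns_query(rec["query"]):
            hits.append(rec)
    return hits


def clients_by_hit_count(hits: List[Dict[str, str]]) -> List[Tuple[str, int]]:
    """Rank source hosts by number of flagged queries, most suspicious first."""
    return Counter(h["client"] for h in hits).most_common()


# Constructed sample log, not real traffic; the .bazar/.coin names are placeholders.
SAMPLE_LOG = """\
# ts\tclient\tquery\tqtype\trcode
2020-09-10T11:02:13Z\t10.0.5.17\twww.example.com\tA\tNOERROR
2020-09-10T11:02:19Z\t10.0.5.17\talpha-test.bazar.\tA\tNXDOMAIN
2020-09-10T11:02:19Z\t10.0.5.17\tALPHA-TEST.BAZAR\tAAAA\tNXDOMAIN
2020-09-10T11:03:01Z\t10.0.5.42\tbazar.example.com\tA\tNOERROR
2020-09-10T11:03:07Z\t10.0.5.42\tshop.mybazar.com\tA\tNOERROR
2020-09-10T11:04:55Z\t10.0.5.17\tbeta-test.bazar\tA\tNXDOMAIN
2020-09-10T11:05:02Z\t10.0.9.3\tupdate.coin\tA\tNXDOMAIN
"""

if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_LOG.splitlines())
    for rec in found:
        print(f"{rec['ts']} {rec['client']} {rec['query']} ({rec['rcode']})")
    print(clients_by_hit_count(found))
```

The match is on the final label only, so legitimate names that merely contain "bazar" as a subdomain or as part of a registrable name do not fire. One caveat for the network side: Bazar samples frequently resolve these names through hard-coded public resolvers that serve EmerDNS zones instead of the corporate resolver, so pair this log check with an alert on outbound port 53 traffic to non-approved resolvers.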

MITRE ATT&CK Matrix

Tasks