General

  • Target

    2a7964c5d7268f4b320e91ad133654d75edca3c15f9e5c76dee7bf68634b933f

  • Size

    1.2MB

  • Sample

    201011-85eh4rghg6

  • MD5

    7afb28bfb761900b3c1fd5fc0c0be389

  • SHA1

    db534d5d66ee0b16e38a67a57c8967c951cf7db1

  • SHA256

    2a7964c5d7268f4b320e91ad133654d75edca3c15f9e5c76dee7bf68634b933f

  • SHA512

    ebdb84587dff78c4afc83b034b094c3195d79759be460b82f77cfa80255ac853e0f3ed2f2e42df911e95a139598a055f711102e80794e6ca882b4abf9b1bffa4

Targets

    • Target

      2a7964c5d7268f4b320e91ad133654d75edca3c15f9e5c76dee7bf68634b933f

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext
