General

  • Target

    8c99069bcb559bf7d9606af7ba1538cc8bacd79b4f3846f7487ec3b5179ef9d5

  • Size

    1.2MB

  • Sample

    201011-cwlk6qlke6

  • MD5

    ab1c5d9645e035838b9357be2a8193e6

  • SHA1

    bbef816466118085c97fb93738a04ae21f240190

  • SHA256

    8c99069bcb559bf7d9606af7ba1538cc8bacd79b4f3846f7487ec3b5179ef9d5

  • SHA512

    3b54948e5495d928bc4074cc8703e7861dcb59901f4249e7bfb9895ea0d9a01bf2a639f2830020cb351d545cf9e812fd721b3a0ff0bb1073492ae3be5610887c

Malware Config

Targets

    • Target

      8c99069bcb559bf7d9606af7ba1538cc8bacd79b4f3846f7487ec3b5179ef9d5

    • Size

      1.2MB

    • MD5

      ab1c5d9645e035838b9357be2a8193e6

    • SHA1

      bbef816466118085c97fb93738a04ae21f240190

    • SHA256

      8c99069bcb559bf7d9606af7ba1538cc8bacd79b4f3846f7487ec3b5179ef9d5

    • SHA512

      3b54948e5495d928bc4074cc8703e7861dcb59901f4249e7bfb9895ea0d9a01bf2a639f2830020cb351d545cf9e812fd721b3a0ff0bb1073492ae3be5610887c

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext
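The last signature above is the one worth understanding: a loader that hollows a process typically creates a legitimate binary with CREATE_SUSPENDED, writes its own image into that child with WriteProcessMemory, redirects the primary thread's entry point with SetThreadContext, then calls ResumeThread. The detection below is an added illustration of that pattern, not Tria.ge's own signature logic, run over a constructed API trace (the trace format, the handle-to-pid resolution and the severity labels are assumptions made for the example; the report itself does not publish its call log).

```python
"""Flag cross-process SetThreadContext in a sandbox API trace.

Added example: the log format is invented, and handles in the constructed
trace are already resolved to pids (hProcess=2222) to keep the parser short.
Same-process SetThreadContext (debuggers, exception handlers, some packers)
is deliberately not flagged; only a call into another process is.
"""
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit, as in winbase.h

# Constructed trace, not taken from the report: pid 1234 hollows svchost.exe
# (child pid 2222); pid 5555 touches only its own thread context.
SAMPLE_TRACE = """\
pid=1234 api=CreateProcessW args=lpApplicationName="C:\\Windows\\System32\\svchost.exe",dwCreationFlags=0x4 ret=1 new_pid=2222
pid=1234 api=NtUnmapViewOfSection args=ProcessHandle=2222 ret=0
pid=1234 api=VirtualAllocEx args=hProcess=2222,dwSize=0x12000 ret=0x400000
pid=1234 api=WriteProcessMemory args=hProcess=2222,lpBaseAddress=0x400000,nSize=0x12000 ret=1
pid=1234 api=SetThreadContext args=hThread=0x1c8,target_pid=2222 ret=1
pid=1234 api=ResumeThread args=hThread=0x1c8 ret=1
pid=5555 api=GetThreadContext args=hThread=0x200,target_pid=5555 ret=1
pid=5555 api=SetThreadContext args=hThread=0x200,target_pid=5555 ret=1
"""

LINE_RE = re.compile(
    r"pid=(?P<pid>\d+) api=(?P<api>\w+) args=(?P<args>.*?) ret=(?P<ret>\S+)"
    r"(?: new_pid=(?P<new_pid>\d+))?$"
)


def parse_args(raw):
    """Turn 'k=v,k2="v2"' into a dict; values in this trace contain no commas."""
    out = {}
    for kv in raw.split(","):
        key, _, value = kv.partition("=")
        out[key.strip()] = value.strip().strip('"')
    return out


def parse_trace(text):
    """Parse one event per line; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["args"] = parse_args(ev["args"])
        events.append(ev)
    return events


def detect_hollowing(events):
    """Return one finding per cross-process SetThreadContext.

    Severity is 'high' when the caller also created the target suspended and
    wrote into it beforehand (the full hollowing chain), else 'medium'.
    """
    suspended = defaultdict(set)  # caller pid -> child pids created suspended
    written = defaultdict(set)    # caller pid -> pids it wrote memory into
    findings = []
    for ev in events:
        pid, api, a = ev["pid"], ev["api"], ev["args"]
        if api == "CreateProcessW" and ev["new_pid"]:
            flags = int(a.get("dwCreationFlags", "0"), 16)
            if flags & CREATE_SUSPENDED:
                suspended[pid].add(ev["new_pid"])
        elif api == "WriteProcessMemory":
            written[pid].add(a.get("hProcess"))
        elif api == "SetThreadContext":
            target = a.get("target_pid")
            if target is None or target == pid:
                continue  # own-process context edits are not flagged
            reasons = ["cross-process SetThreadContext"]
            if target in written[pid]:
                reasons.append("after WriteProcessMemory into target")
            if target in suspended[pid]:
                reasons.append("target created with CREATE_SUSPENDED")
            findings.append({
                "pid": pid,
                "target": target,
                "severity": "high" if len(reasons) == 3 else "medium",
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in detect_hollowing(parse_trace(SAMPLE_TRACE)):
        print(f["severity"], f["pid"], "->", f["target"], "; ".join(f["reasons"]))
```

The point of tracking the earlier calls is precision: SetThreadContext alone is common in benign code, so a real sandbox signature keys on the cross-process call and on what the same caller did to that target just before it. Against a genuine trace you would also correlate the ResumeThread and the "Blocklisted process makes network request" event on the child pid, since the hollowed process, not the loader, is the one that reaches out to the C2.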

MITRE ATT&CK Enterprise v6

Tasks