General

  • Target

    5c59f12280cdfd8303296be2502e5800873fe8dd7aa800bddd18da475f787244

  • Size

    344KB

  • Sample

    201011-klpkhlb2ce

  • MD5

    37b8839337f2e3c2c33363340de34cbe

  • SHA1

    0ec6f3f662bd4542673d08b7615e61e9b51500f1

  • SHA256

    5c59f12280cdfd8303296be2502e5800873fe8dd7aa800bddd18da475f787244

  • SHA512

    408ab622ed55fe5566f7eff907165f39447e738584d1bfa32e85a23769763c816c62fc2d9d7d8aebf5a5eb37fa7aab93d32c87e1a04164ed852fe680369d18b8
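The hash block above is the only reliable way to tie a file you hold to this report, so the following added example (written for this page, not tooling from the sandbox that produced the report) recomputes all four digests of a local file and compares them with the listed values. The report values are copied from the page; the file path and the `check_file` helper are assumptions for illustration. It also flags the case where only MD5 or SHA1 agree, since neither is collision-resistant and a SHA256 or SHA512 match is the check that actually confirms identity.

```python
"""Verify a local sample against the hashes listed in this report.

Added example for this page; not code from the sandbox that produced the
report. The REPORT values are copied from the page verbatim.
"""
import hashlib
from typing import Dict

# Hashes exactly as listed in the report above.
REPORT = {
    "target": "5c59f12280cdfd8303296be2502e5800873fe8dd7aa800bddd18da475f787244",
    "size_kb": 344,
    "md5": "37b8839337f2e3c2c33363340de34cbe",
    "sha1": "0ec6f3f662bd4542673d08b7615e61e9b51500f1",
    "sha256": "5c59f12280cdfd8303296be2502e5800873fe8dd7aa800bddd18da475f787244",
    "sha512": "408ab622ed55fe5566f7eff907165f39447e738584d1bfa32e85a23769763c816c62fc2d9d7d8aebf5a5eb37fa7aab93d32c87e1a04164ed852fe680369d18b8",
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> Dict[str, str]:
    """Compute the four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def report_is_consistent(report: Dict[str, object]) -> bool:
    """Sanity-check the report itself: 'Target' must equal the SHA256, and
    every digest must be hex of the correct length for its algorithm."""
    expected_len = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
    if report["target"] != report["sha256"]:
        return False
    for name, length in expected_len.items():
        value = str(report[name]).lower()
        if len(value) != length or any(c not in "0123456789abcdef" for c in value):
            return False
    return True


def match_report(data: bytes, report: Dict[str, object]) -> Dict[str, bool]:
    """Compare each digest of `data` with the report's value (case-insensitive)."""
    actual = digests(data)
    return {name: actual[name] == str(report[name]).lower() for name in ALGOS}


def verdict(data: bytes, report: Dict[str, object]) -> str:
    """Classify a sample against the report.

    SHA256 or SHA512 agreement is the authoritative check. MD5 and SHA1 are
    not collision-resistant, so agreement on those alone is reported as
    'weak-only' rather than as confirmation.
    """
    m = match_report(data, report)
    if m["sha256"] or m["sha512"]:
        return "match"
    if m["md5"] or m["sha1"]:
        return "weak-only"
    return "no-match"


def check_file(path: str, report: Dict[str, object] = REPORT) -> str:
    """Hash a file on disk (assumed path) and return its verdict. The whole
    file is read into memory; report targets like this 344KB one are small."""
    with open(path, "rb") as fh:
        data = fh.read()
    return verdict(data, report)


if __name__ == "__main__":
    import sys
    # Usage: python verify_sample.py <path-to-sample>   (path is assumed)
    print(check_file(sys.argv[1]))
```

A "weak-only" result should be treated as unconfirmed: either the file is a different object whose MD5/SHA1 happens to have been listed elsewhere, or one of the listed strong hashes was transcribed wrongly; re-check against the SHA256 before acting on the report's signature hits.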

Malware Config

Targets

    • Target

      5c59f12280cdfd8303296be2502e5800873fe8dd7aa800bddd18da475f787244

    • Size

      344KB

    • MD5

      37b8839337f2e3c2c33363340de34cbe

    • SHA1

      0ec6f3f662bd4542673d08b7615e61e9b51500f1

    • SHA256

      5c59f12280cdfd8303296be2502e5800873fe8dd7aa800bddd18da475f787244

    • SHA512

      408ab622ed55fe5566f7eff907165f39447e738584d1bfa32e85a23769763c816c62fc2d9d7d8aebf5a5eb37fa7aab93d32c87e1a04164ed852fe680369d18b8

    • Bazar Loader

      Detected a loader normally used to deploy the BazarBackdoor malware.

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to have been developed by Trickbot's authors.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks