General

  • Target

    f54cec2b04daafb0a1d612ef84913a1d03ef61d7de8b4c144414378c4415ac09

  • Size

    1.2MB

  • Sample

    201011-meavl61w8n

  • MD5

    3826f8176445cc4291287f8aad28bb53

  • SHA1

    d3c93b499b3a8ecd72e8d0903f61df8b8e4146f5

  • SHA256

    f54cec2b04daafb0a1d612ef84913a1d03ef61d7de8b4c144414378c4415ac09

  • SHA512

    7ca34808c4e37bea42609e96c71227089f0d340c06fabb6e663f2b7560bcc84819da0e54a8f2f992f2da07467597efb2e0a2dc2463438edfa8fdd1f4e17e218e

Malware Config

Targets

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks