General

  • Target

    609fef55693698a2bc7695a4bdc574cfb45b590bde4f4291f8d99bc7f25e266a

  • Size

    344KB

  • Sample

    201011-t9l3mhzl8e

  • MD5

    c361742189a14d011847080f6becd024

  • SHA1

    3ef55a91a981749c545075e75bfafa3e9dd84e99

  • SHA256

    609fef55693698a2bc7695a4bdc574cfb45b590bde4f4291f8d99bc7f25e266a

  • SHA512

    c39dc01ec205f916beb86a0a2062d37bd270b7e0fc6cce8bc99d940caccee865925107ca47f06297cc0553c8b4e22a024795faafb980e505d2fcc3733a9328ac

Malware Config

Targets

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks