General

  • Target

    cf6683d18904fde78028d901f9282099e3dc24a2ce6157003dced3ae387bdcfb

  • Size

    1.2MB

  • Sample

    201011-wcfwwpkvse

  • MD5

    e91c3b4f1b997aa1102593dbec295592

  • SHA1

    b69defd376316253a06282a02dc9b27a1f5c1985

  • SHA256

    cf6683d18904fde78028d901f9282099e3dc24a2ce6157003dced3ae387bdcfb

  • SHA512

    1881900a9c833c37748f344c29cf08fa4f888f64416902814d1ba7a7a1a2ef54cfbc7fe7c8973082e76429d72c2099830a3ae7b88b267b2099fd1ad00eee9a7c

Malware Config

Targets

    • Target

      cf6683d18904fde78028d901f9282099e3dc24a2ce6157003dced3ae387bdcfb

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks