General

  • Target

    1ea7aff75af63e55b05fd2d3015df1a3edfd1fcdad8305e1ff64611d37d97ee4

  • Size

    344KB

  • Sample

    201011-xch5s4rllj

  • MD5

    4d3419f0004da9068e4b55cca1947f44

  • SHA1

    1ccb9dbea9fcbe133c6bbdb3662418953abd535a

  • SHA256

    1ea7aff75af63e55b05fd2d3015df1a3edfd1fcdad8305e1ff64611d37d97ee4

  • SHA512

    70a39e9c0d403de317b5ce9fd74228095dca43c6c6de94bd443d66635baf48b0de0603a31e528b15dcd677f17d34b7adf49b2531de2ee2d77dd98322cd04663c

Malware Config

Targets

    • Target

      1ea7aff75af63e55b05fd2d3015df1a3edfd1fcdad8305e1ff64611d37d97ee4

    • Bazar Loader

      Detected a loader normally used to deploy the BazarBackdoor malware.

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext (an API commonly used by process-injection techniques such as process hollowing to redirect a thread into injected code)

MITRE ATT&CK Enterprise v6

Tasks