General

  • Target

    1 (27)

  • Size

    2.7MB

  • Sample

    201016-9njpnmmdca

  • MD5

    f5a3f518782e8d6b8161f6c1b6793dba

  • SHA1

    334b7826985ea3b913930f650294af50d7a63993

  • SHA256

    180585d93bd6580169a9620f10ecdc1db462a0554a1e194dfea646da10e9e177

  • SHA512

    3783738f91a0fdbbeb346c95d491a2f94765502c804ba40094e10d93b348f389af4a7e52640980d5a979e54b331e735f74db6fa70338d45ba343936805bc6aec

Malware Config

Targets

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks