General

  • Target

    1 (26)

  • Size

    2.7MB

  • Sample

    201016-xsgpkctyqe

  • MD5

    6ddb7dcac523dd543b03ad2c9cd2e796

  • SHA1

    5f1f62c8027457bdf12673845a5b106803979b27

  • SHA256

    134454fa4529ec612261c4ec1b7246742f9fe76d083b3ebf2843f47714263c0b

  • SHA512

    5b3d75a7871786380670504b95ad99d9ac3518ac469b582ca80d83646bbe4ddbc5ba2adc8607afbfd37276b6bf906b76f26f26ec4bab5b722144ee0795106662

Malware Config

Targets

    • Target

      1 (26)

    • Size

      2.7MB

    • MD5

      6ddb7dcac523dd543b03ad2c9cd2e796

    • SHA1

      5f1f62c8027457bdf12673845a5b106803979b27

    • SHA256

      134454fa4529ec612261c4ec1b7246742f9fe76d083b3ebf2843f47714263c0b

    • SHA512

      5b3d75a7871786380670504b95ad99d9ac3518ac469b582ca80d83646bbe4ddbc5ba2adc8607afbfd37276b6bf906b76f26f26ec4bab5b722144ee0795106662

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext
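
Two of the signatures above, "Blocklisted process makes network request" and "Suspicious use of SetThreadContext", are behavioral rules evaluated over the sandbox's API trace rather than static matches on the file. The Python below is an added illustration, not Triage's signature code and not anything extracted from this sample: it replays a constructed trace (the event dict format, the PIDs, the process names and the blocklist are all assumptions) and fires the SetThreadContext rule only on the full CREATE_SUSPENDED -> WriteProcessMemory -> SetThreadContext -> ResumeThread chain that process hollowing produces, so a debugger-style SetThreadContext on a thread the caller never wrote to does not fire.

```python
"""Toy replay of two sandbox behavioral signatures over a constructed API trace.

Added example; not the sandbox's own signature code. The trace format (one dict
per API call with pid/tid/api/args), the process table and the blocklist are
assumptions made for illustration.
"""

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit used by CreateProcess

# Assumed blocklist: LOLBins that legitimately have little reason to reach the network.
NETWORK_BLOCKLIST = {"regsvr32.exe", "rundll32.exe", "mshta.exe", "certutil.exe"}
NETWORK_APIS = {"InternetOpenUrlW", "WinHttpConnect", "connect", "HttpSendRequestW"}

# Constructed trace: a loader hollows svchost.exe, regsvr32.exe reaches the network,
# and a debugger-like process calls SetThreadContext without the injection chain.
SAMPLE_PROCESSES = {1000: "loader.exe", 2000: "svchost.exe",
                    3000: "regsvr32.exe", 4000: "windbg.exe"}
SAMPLE_TRACE = [
    {"pid": 1000, "tid": 1001, "api": "CreateProcessW",
     "args": {"lpApplicationName": "C:\\Windows\\System32\\svchost.exe",
              "dwCreationFlags": CREATE_SUSPENDED, "child_pid": 2000, "child_tid": 2001}},
    {"pid": 1000, "tid": 1001, "api": "WriteProcessMemory", "args": {"target_pid": 2000, "size": 0x2A000}},
    {"pid": 1000, "tid": 1001, "api": "SetThreadContext", "args": {"tid": 2001}},
    {"pid": 1000, "tid": 1001, "api": "ResumeThread", "args": {"tid": 2001}},
    {"pid": 3000, "tid": 3001, "api": "InternetOpenUrlW", "args": {"url": "http://example.invalid/"}},
    {"pid": 4000, "tid": 4001, "api": "SetThreadContext", "args": {"tid": 5001}},
    {"pid": 4000, "tid": 4001, "api": "ResumeThread", "args": {"tid": 5001}},
]


def detect_setthreadcontext_injection(trace):
    """Return (parent_pid, child_pid) for every completed hollowing chain:
    CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory into that child ->
    SetThreadContext on the child's initial thread -> ResumeThread."""
    suspended = {}      # child pid -> pid that created it suspended
    thread_owner = {}   # child initial tid -> child pid
    written = set()     # child pids the creator wrote into
    context_set = set() # child pids whose initial thread context was replaced
    hits = []
    for ev in trace:
        api, args, pid = ev["api"], ev["args"], ev["pid"]
        if api == "CreateProcessW" and args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            suspended[args["child_pid"]] = pid
            thread_owner[args["child_tid"]] = args["child_pid"]
        elif api == "WriteProcessMemory":
            target = args.get("target_pid")
            if suspended.get(target) == pid:
                written.add(target)
        elif api == "SetThreadContext":
            child = thread_owner.get(args.get("tid"))
            if child in written and suspended[child] == pid:
                context_set.add(child)
        elif api == "ResumeThread":
            child = thread_owner.get(args.get("tid"))
            if child in context_set and suspended[child] == pid:
                hits.append((pid, child))
                context_set.discard(child)
    return hits


def detect_blocklisted_network(trace, processes):
    """Return (pid, image_name, api) for network calls made by blocklisted images."""
    hits = []
    for ev in trace:
        name = processes.get(ev["pid"], "").lower()
        if ev["api"] in NETWORK_APIS and name in NETWORK_BLOCKLIST:
            hits.append((ev["pid"], name, ev["api"]))
    return hits


def run_signatures(trace, processes):
    """Names of the signatures that fired, sorted, mirroring the report's list."""
    fired = []
    if detect_blocklisted_network(trace, processes):
        fired.append("Blocklisted process makes network request")
    if detect_setthreadcontext_injection(trace):
        fired.append("Suspicious use of SetThreadContext")
    return sorted(fired)


if __name__ == "__main__":
    print(detect_setthreadcontext_injection(SAMPLE_TRACE))
    print(detect_blocklisted_network(SAMPLE_TRACE, SAMPLE_PROCESSES))
    print(run_signatures(SAMPLE_TRACE, SAMPLE_PROCESSES))
```

The chain-based rule is deliberately stricter than a bare "SetThreadContext was called" check: on a real sandbox trace that looser rule also fires on debuggers and some packers, which is why a report signature like this is a triage hint to be read alongside the Bazar loader detections above, not a verdict on its own.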

MITRE ATT&CK Enterprise v6

Tasks