General

  • Target

    81e6dcf2510ffc2400743e912448013f

  • Size

    316KB

  • Sample

    210401-st7sfkvavx

  • MD5

    81e6dcf2510ffc2400743e912448013f

  • SHA1

    b1b29fff6348b805851513ce8812990a2f5a4e39

  • SHA256

    258ad65c676c26e608f331bc538a985fd4ac019c6ca4229e4e197acaa93d82c4

  • SHA512

    f1e8cc52664acb684ab9f06227d28de19629de888fdb73ad42f325199e587388301751cdd8c10680127b5d6a439c98da9a25252951ba6bb26648880714a596bc
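The four digests above are the file-level indicators for this sample. As an added example (not part of the sandbox report), the Python script below streams a file through all four hashers in one pass and checks the result against the page's hash set, treating only SHA-256/SHA-512 as conclusive because MD5 and SHA-1 collisions are practical. The IOC dictionary holds the hashes listed above; any file path passed on the command line is the reader's own.

```python
import hashlib

# Digests of the sample as listed on this page; used as the IOC set to match against.
SAMPLE_IOCS = {
    "md5": "81e6dcf2510ffc2400743e912448013f",
    "sha1": "b1b29fff6348b805851513ce8812990a2f5a4e39",
    "sha256": "258ad65c676c26e608f331bc538a985fd4ac019c6ca4229e4e197acaa93d82c4",
    "sha512": "f1e8cc52664acb684ab9f06227d28de19629de888fdb73ad42f325199e587388301751cdd8c10680127b5d6a439c98da9a25252951ba6bb26648880714a596bc",
}

# Only SHA-256/SHA-512 are treated as conclusive: MD5 and SHA-1 collisions are practical,
# so a lone match on those is reported but not trusted on its own.
STRONG = ("sha256", "sha512")


def _digest_chunks(chunks):
    """Feed each chunk to all four hashers so the data is read only once."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_IOCS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests(data: bytes) -> dict:
    """Digests of an in-memory buffer."""
    return _digest_chunks([data])


def file_digests(path, chunk_size=1 << 20) -> dict:
    """Digests of a file on disk, streamed so large samples are not loaded whole."""
    with open(path, "rb") as f:
        return _digest_chunks(iter(lambda: f.read(chunk_size), b""))


def match_iocs(observed: dict, iocs: dict = SAMPLE_IOCS) -> dict:
    """Per-algorithm match flags; hex case is normalised because IOC feeds mix it."""
    return {name: observed.get(name, "").lower() == value.lower()
            for name, value in iocs.items()}


def verdict(observed: dict, iocs: dict = SAMPLE_IOCS) -> str:
    """'match' on a strong digest, 'weak-match' on MD5/SHA-1 only, else 'no-match'."""
    m = match_iocs(observed, iocs)
    if any(m[name] for name in STRONG):
        return "match"
    if any(m.values()):
        return "weak-match"
    return "no-match"


if __name__ == "__main__":
    import sys
    # Usage: python ioc_match.py <file> [<file> ...]
    for p in sys.argv[1:]:
        print(p, verdict(file_digests(p)))
```

A "weak-match" (MD5 or SHA-1 only) is worth a second look rather than an automatic verdict: compare the strong digests before labelling the file as this sample.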

Malware Config

Targets

    • Bazar Loader

      Detected a loader normally used to deploy the BazarBackdoor malware.

    • Bazar/Team9 Loader payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                            Count  ID
  Persistence      Registry Run Keys / Startup Folder   1      T1060
  Defense Evasion  Modify Registry                      1      T1112
  Discovery        Remote System Discovery              1      T1018

The IDs follow ATT&CK v6; in current ATT&CK versions T1060 has been folded into T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder), while T1112 and T1018 keep their IDs.
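The Persistence and Defense Evasion rows above (T1060 / T1112) correspond to the "Adds Run key to start application" behaviour. As an added example, not part of this report, the Python detector below runs over constructed Sysmon-style registry events (Event ID 13, value set, as JSON lines), flags every write to a Run/RunOnce value, and raises the severity when the autostart command or the writing process lives in a user-writable location. The event lines, SIDs, file paths and value names are made up for the example.

```python
import json
import re
from typing import Optional

# Constructed Sysmon-style registry events (Event ID 13 = registry value set), one JSON
# object per line. They are invented to exercise the detector, not records from this sandbox run.
SAMPLE_EVENTS = [
    r'{"EventID": 13, "Image": "C:\\Program Files\\Vendor\\setup.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorAgent", "Details": "C:\\Program Files\\Vendor\\agent.exe"}',
    r'{"EventID": 13, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe", "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", "Details": "C:\\Users\\alice\\AppData\\Roaming\\svc\\update.exe"}',
    r'{"EventID": 13, "Image": "C:\\Windows\\explorer.exe", "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden", "Details": "DWORD (0x00000000)"}',
    r'{"EventID": 12, "EventType": "CreateKey", "Image": "C:\\Windows\\regedit.exe", "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"}',
    r'{"EventID": 13, "Image": "C:\\Windows\\System32\\rundll32.exe", "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\Loader", "Details": "rundll32.exe \"C:\\ProgramData\\cache\\x.dll\",Start"}',
]

# Run / RunOnce under any hive, including the WOW64 view; captures the value name.
RUN_KEY_RE = re.compile(
    r"\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\(?P<value>[^\\]+)$",
    re.IGNORECASE,
)
# Locations an unprivileged user can write to; autostart entries pointing here deserve attention.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\", re.IGNORECASE
)


def classify_run_value(event: dict) -> Optional[dict]:
    """Return a finding for a Run/RunOnce value write, or None if the event is not one."""
    if event.get("EventID") != 13:          # only value-set events carry the command
        return None
    target = event.get("TargetObject", "")
    m = RUN_KEY_RE.search(target)
    if not m:
        return None
    details = event.get("Details", "")      # the data written: the autostart command
    image = event.get("Image", "")          # the process that wrote it
    suspicious = bool(USER_WRITABLE_RE.search(details) or USER_WRITABLE_RE.search(image))
    return {
        "technique": "T1060",               # ATT&CK v6 ID used on this page
        "hive": "HKLM" if target.upper().startswith("HKLM") else "HKU",
        "value_name": m.group("value"),
        "command": details,
        "writer": image,
        "severity": "high" if suspicious else "low",
    }


def detect_run_key_persistence(lines) -> list:
    """Parse JSON event lines and collect Run-key findings; malformed lines are skipped."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        finding = classify_run_value(event)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in detect_run_key_persistence(SAMPLE_EVENTS):
        print(f["severity"], f["hive"], f["value_name"], "<-", f["command"])
```

Every Run-key write is recorded because legitimate installers use the same mechanism; the severity split keeps the queue small while still leaving the low-severity entries available for triage against a software inventory.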