Resubmissions

24-08-2021 15:46

210824-t6hzlqqj4a 10

24-08-2021 15:30

210824-gm7skbgnee 10

24-08-2021 15:27

210824-68px7xses6 10

24-08-2021 15:17

210824-2783vynafn 10

04-08-2021 16:51

210804-8pmmxqpdzn 10

General

  • Target

    JVrLyRD.dat

  • Size

    242KB

  • Sample

    210824-gm7skbgnee

  • MD5

    12e60d21fd9c8675368635ea5246e393

  • SHA1

    60ae64cd005f862797279fb151c9a0433b8e654c

  • SHA256

    70c2422033dd395c0a6c15b5e6dbdde34aa65b7481d4b8298e70e0c3e72a2182

  • SHA512

    6509c404b274af6250a241b441558d010729da12bbad47dd59c2da5a7480f682ff8c5bfeace9b2bc65db22f212b6399cd74f3f25ae22354db0ca8e06d85ed189

Malware Config

Targets

    • Target

      JVrLyRD.dat

    • Size

      242KB

    • MD5

      12e60d21fd9c8675368635ea5246e393

    • SHA1

      60ae64cd005f862797279fb151c9a0433b8e654c

    • SHA256

      70c2422033dd395c0a6c15b5e6dbdde34aa65b7481d4b8298e70e0c3e72a2182

    • SHA512

      6509c404b274af6250a241b441558d010729da12bbad47dd59c2da5a7480f682ff8c5bfeace9b2bc65db22f212b6399cd74f3f25ae22354db0ca8e06d85ed189

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Bazar/Team9 Loader payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks