Overview

overview

10

Static

static

Stolen Ima...nce.js

windows7_x64

10

Stolen Ima...nce.js

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Stolen Images Evidence.zip

  • Size

    5KB

  • Sample

    211012-q1yzbscdbp

  • MD5

    ee8afb1027a4e17f44d2ca2a9e967484

  • SHA1

    201945f13ad07dda5a0cab8da5e3cbb85c91f65e

  • SHA256

    3315cda85556f18f37f62bfea506267d38fa0f864e56017cd8315c73c290b12b

  • SHA512

    b13e3015e34c8571abcf6f07b66f9a078847951f1347cf97e615fe60a84a465278fb106a20da3ea7c77307311178eec380556bd7ad8d7bbbd9aa0be21d183c21

Score
10/10
bazarloaderdropperloader

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://polidors.space/333g100/index.php

Targets

    • Target

      Stolen Images Evidence.js

    • Size

      18KB

    • MD5

      e26be3479f0589233e8eb4c61ad4d8cb

    • SHA1

      77828932f8427f43503e7c957a368d1ae2078c24

    • SHA256

      251dba6ce4450b1ce3520ce63b79ea0ebc29e7b67276d4c9ca47ea6db264a612

    • SHA512

      852b1c812ba10ea6fa16d510e1913fa10d765f5842ee1b4df1c449ba7b9ce2c4117ea53ea8858d54d1248cb6165cc995e71401ca65055d93f7763818a8df7be2

    Score
    10/10
    bazarloaderdropperloader

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

      loaderdropperbazarloader

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks