Overview

overview

10

Static

static

Stolen Ima...nce.js

windows7_x64

10

Stolen Ima...nce.js

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Stolen Images Evidence.zip

  • Size

    5KB

  • Sample

    211014-ws2m5sabb2

  • MD5

    0f12f72ab10b757b48cb163c9c99521d

  • SHA1

    9ba964a1ea20e8efbdab1adf100cae51d71550ed

  • SHA256

    a3d502012d1cded2d5a936372a08073db9b85dd2323908f9d55d802c24e8aa20

  • SHA512

    b33bc76d675fe067a4092851b8a3f33aa1aff8cfad73f1f882878497524e452653ed72ac73caae4a28d06ebd7e152823b3944a825e67a8aa1ebf3bff1d6224c8

Score
10/10
bazarloaderdropperloader

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://bobersok.top/333g100/index.php

Targets

    • Target

      Stolen Images Evidence.js

    • Size

      19KB

    • MD5

      c62b322046bee6a5a86c4fecf5dee72e

    • SHA1

      18a381be8472fcee623c18cb1bfcf938682bef7d

    • SHA256

      edb86c44b69eb1071a138ec2fd99968a18d671ecbcc6cbd7babcde7a132c1e01

    • SHA512

      2d19000408a61cbf744defb51fc8f0c64f11c74186cdc2f56317641e16fd7c794919ead08ce119c62ec966dcd5a2c62794845e53f4697e657394c9e90ac1f0dc

    Score
    10/10
    bazarloaderdropperloader

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

      loaderdropperbazarloader

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks