General

  • Target

    request.zip

  • Size

    39KB

  • Sample

    211021-qtzx2sadb4

  • MD5

    b974d225e597c3757a43b2816f2d87df

  • SHA1

    871a068704acfec3736298feafc751572306ca9b

  • SHA256

    52e3cf3516a9bd3777b76223e6e2c49eb66bae4903d33ca04c5188499560c552

  • SHA512

    ffd3719051bcd3a10aca761e2359d1397f5cc329221fb9126b40ccc39b97f73ef6523d663b69099dc763a2003a61fd54a4e833c569d8974be57219e8a29f8443

Malware Config

Targets

    • Target

      statistics.010.21.21.doc

    • Size

      34KB

    • MD5

      81a0f5b3638ae19f39850639ca26323a

    • SHA1

      c5079a46f9391690ecb2023c54c8022b375e507e

    • SHA256

      c39abbf3cd7a0a4055f7b36f73c1b3bce6b02a74d6fd700a46c3993e37544ee6

    • SHA512

      b317a4bce70605eb5ea6be5818be274454d56a202c5c652682291c574bd5a1a63a8ae0646d09771ccdfaca08d1ee7c069c6fb236d257a78de32bacf65743e872

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL
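
The signatures above are the sandbox's own verdicts; the block below is an added example, not code from the report or from the sandbox vendor, showing how two of them can be reproduced from raw telemetry. It replays the "Process spawned unexpected child process" check over a few constructed process-creation events (modelled on Sysmon Event ID 1 fields) and the "Downloads MZ/PE file" check over a constructed byte blob. The process names, the allow/deny lists, the event records and the PE blob are all assumptions for illustration and are not data taken from this report.

```python
"""Added example (not part of the sandbox report): replicate two of the
report's signatures over constructed telemetry.

  1. unexpected_children(): flag command interpreters / script hosts /
     downloaders that descend from a document handler such as winword.exe.
  2. looks_like_pe(): decide whether downloaded bytes are an MZ/PE image
     by checking the DOS header and the PE signature at e_lfanew.
"""
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumed policy (not from the report): document handlers that should not
# normally spawn interpreters, script hosts or living-off-the-land binaries.
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe",
    "rundll32.exe", "regsvr32.exe", "certutil.exe", "msiexec.exe",
}


@dataclass
class ProcEvent:
    """Subset of a process-creation record (pid, parent pid, image path, cmdline)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def document_ancestor(ev: ProcEvent, by_pid: Dict[int, ProcEvent],
                      max_depth: int = 8) -> Optional[ProcEvent]:
    """Walk up the parent chain and return the first document-handler ancestor."""
    cur = ev
    for _ in range(max_depth):
        parent = by_pid.get(cur.ppid)
        if parent is None or parent.pid == cur.pid:
            return None
        if basename(parent.image) in DOCUMENT_PARENTS:
            return parent
        cur = parent
    return None


def unexpected_children(events: List[ProcEvent]) -> List[Tuple[ProcEvent, ProcEvent]]:
    """Return (child, document_ancestor) pairs for suspicious descendants of a
    document handler. Walking the full ancestry also catches an intermediate
    cmd.exe hop (winword -> cmd -> rundll32)."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for ev in events:
        if basename(ev.image) not in SUSPICIOUS_CHILDREN:
            continue
        anc = document_ancestor(ev, by_pid)
        if anc is not None:
            hits.append((ev, anc))
    return hits


def looks_like_pe(data: bytes) -> bool:
    """True if data starts with an 'MZ' DOS header whose e_lfanew (u32 at 0x3C)
    points at a 'PE\\0\\0' signature. Rejects short buffers and non-MZ data."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


# Constructed sample events (hypothetical pids/paths, not from the report).
SAMPLE_EVENTS = [
    ProcEvent(100, 1,   r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
              'WINWORD.EXE /n "statistics.010.21.21.doc"'),
    ProcEvent(300, 200, r"C:\Windows\System32\cmd.exe", "cmd.exe /c start /min x.cmd"),
    ProcEvent(400, 300, r"C:\Windows\System32\rundll32.exe", "rundll32.exe payload.dll,Entry"),
    ProcEvent(500, 100, r"C:\Program Files\Google\Chrome\Application\chrome.exe", "chrome.exe"),
    ProcEvent(600, 200, r"C:\Windows\splwow64.exe", "splwow64.exe 12288"),  # benign print helper
]

# Constructed minimal PE-shaped blob: 'MZ', zero padding, e_lfanew = 0x40, 'PE\0\0'.
SAMPLE_PE = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", 0x40) + b"PE\0\0" + bytes(4)
SAMPLE_ZIP = b"PK\x03\x04" + bytes(0x60)  # zip local-file header, not a PE


if __name__ == "__main__":
    for child, anc in unexpected_children(SAMPLE_EVENTS):
        print(f"unexpected child: {basename(anc.image)} (pid {anc.pid}) "
              f"-> {basename(child.image)} (pid {child.pid}): {child.cmdline}")
    print("sample blob is PE:", looks_like_pe(SAMPLE_PE))
    print("zip blob is PE:   ", looks_like_pe(SAMPLE_ZIP))
```

The ancestry walk, rather than a direct parent check, is what makes the rule hold up against the common `winword -> cmd -> rundll32` pattern; the PE check deliberately follows `e_lfanew` instead of trusting the first two bytes alone, since many non-executable formats can begin with arbitrary text.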

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    System Information Discovery (T1082): 3

    Query Registry (T1012): 2

Tasks