General

  • Target: 2a9c7c90b237fdb0571ab5ef9ee8c0827ef1f49edf66bc9837e0fd5dc2b1a786.zip
  • Size: 135KB
  • Sample: 211025-x1lsbsgeg3
  • MD5: d76d870f3a7da420e5cdc585032b8955
  • SHA1: cd532cf35818d2fbd7d72433e954a6b80cb39bd6
  • SHA256: 9de1c97e5faa8d7fc2f0a39ba1bee0f191f8e175b9ddc2a4b2c049628d422d26
  • SHA512: 2139e16d68c2d54e42db016b55e85424c95535e0bf338d846f675abbc92875d0f5c3931508b1771086e3a29fd1161116724ca90342d0b84ffa7bdbd48d28b10e

Targets

    • Target: PIytasA.bin
    • Size: 186KB
    • MD5: b61b46a6ec2e47c9cbb1ee9cc1dc4160
    • SHA1: 2375f420544bf81f8c3ed917ad598c238f70f8f1
    • SHA256: 2a9c7c90b237fdb0571ab5ef9ee8c0827ef1f49edf66bc9837e0fd5dc2b1a786
    • SHA512: 48479dc4f438cd590b58d7d6330096df7a9c2e36a18b1640732df6cfb63cfd08f20e5f239a2550661b74089e79fbe72ad5da3375701d879dcad314fa6c11b468

    • Bazar Loader: detected loader normally used to deploy BazarBackdoor malware.
    • Suspicious use of NtCreateUserProcessOtherParentProcess
    • Bazar/Team9 Loader payload
    • Suspicious use of SetThreadContext
