Resubmissions

08/12/2021, 10:45

211208-mtc7hahgar 10

07/12/2021, 23:29

211207-3gj3aagec5 10

General

  • Target

    resource.dll

  • Size

    411KB

  • Sample

    211208-mtc7hahgar

  • MD5

    e213401158fcd632f758cd8bda224c7a

  • SHA1

    407852c802d47e368f8e92a14c3b107eb34ec68b

  • SHA256

    4a5f37ff394af7a750b1933c3e77b927043e933bfa715c917c824fbc645c940c

  • SHA512

    66e3485f72a76f51ca97a9cbcc893c25f3feffccb75de4429bf69523174c5881552bb54c95977cc9684667b756cf9fa02e3c4ed00a487b5ae177f12cf12954af

Malware Config

Targets

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Tries to connect to .bazar domain

      Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

MITRE ATT&CK Matrix

Tasks