General

  • Target

    DragTest.dll

  • Size

    638KB

  • Sample

    211208-nmqdxscgc4

  • MD5

    e03aa729c1f68b4dc946c7a490f523c6

  • SHA1

    f8e23e76b89ee17e5690059a962f4396370e1163

  • SHA256

    313a5c2146a7117f0bf844c56263dff4d2012eb434a7410dc7309a8bab6f70fc

  • SHA512

    d61ff2d112df5e0274f0d0b1479d640537e374efd67a5f5c768718035c9aa7bd48aef89a71591fb1a0762f59fb58cf7d96c7db3e8bd86af5db360a3412128594

Targets

    • Target

      DragTest.dll

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Bazar/Team9 Loader payload

    • Tries to connect to .bazar domain

      Attempts to look up or connect to a .bazar domain. The .bazar zone is an EmerDNS zone (Emercoin blockchain DNS) that is not delegated in the ICANN root, so a conventional resolver answers NXDOMAIN and the malware has to resolve the name through an EmerDNS-aware public resolver. BazarBackdoor and Trickbot use such names for command-and-control, and other families may as well; on most networks any query for a .bazar name in DNS or proxy logs is therefore a high-fidelity indicator, independent of the specific hostname.
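The signature above is worth turning into a log check. The following is an added example, not part of the sandbox report or the sample's own code: it scans resolver log lines for query names whose top-level label is one of the EmerDNS zones (.bazar plus the related .coin, .emc and .lib zones, going slightly beyond the single .bazar signature), matches on the TLD only so that a name such as bazar.example.net is not a false positive, and counts hits per client. The log format and all sample lines are constructed for the example; 203.0.113.53 is a documentation address standing in for an external resolver.

```python
import re
from collections import Counter

# EmerDNS (Emercoin blockchain DNS) zones used by BazarLoader/BazarBackdoor and
# Trickbot infrastructure. None of them is delegated in the ICANN root, so a
# client asking for any of them is anomalous regardless of the exact hostname.
EMERDNS_TLDS = {"bazar", "coin", "emc", "lib"}

# Hypothetical resolver log format, constructed for this example:
# "<timestamp> <client-ip> <resolver-ip> <query-name> <qtype>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<resolver>\S+)\s+(?P<qname>\S+)\s+(?P<qtype>\S+)$"
)


def tld_of(qname: str) -> str:
    """Return the lowercase rightmost label, tolerating a trailing root dot."""
    return qname.rstrip(".").rsplit(".", 1)[-1].lower()


def find_emerdns_queries(lines):
    """Return one dict per log line whose query name ends in an EmerDNS zone."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # blank or malformed line: skip it rather than crash
        tld = tld_of(m["qname"])
        if tld in EMERDNS_TLDS:
            hits.append({
                "ts": m["ts"],
                "client": m["client"],
                "resolver": m["resolver"],
                "qname": m["qname"].rstrip(".").lower(),
                "tld": tld,
            })
    return hits


def clients_by_hit_count(hits):
    """Count hits per client so the most active host surfaces first."""
    return Counter(h["client"] for h in hits)


# Constructed sample input (not real telemetry). 10.0.0.25 queries two .bazar
# names through the internal resolver; 10.0.0.31 queries a .coin name through
# an external resolver and a legitimate name that merely contains "bazar".
SAMPLE_LOG = """\
2021-12-08T14:02:11Z 10.0.0.25 10.0.0.2 www.microsoft.com. A
2021-12-08T14:02:13Z 10.0.0.25 10.0.0.2 login.example.com. A
2021-12-08T14:02:15Z 10.0.0.25 10.0.0.2 c2-one.bazar. A
2021-12-08T14:02:16Z 10.0.0.25 10.0.0.2 C2-TWO.BAZAR. A
2021-12-08T14:02:20Z 10.0.0.31 203.0.113.53 update.coin. A
2021-12-08T14:02:21Z 10.0.0.31 10.0.0.2 bazar.example.net. A
"""

if __name__ == "__main__":
    hits = find_emerdns_queries(SAMPLE_LOG.splitlines())
    for h in hits:
        print(f"{h['ts']} {h['client']} via {h['resolver']} -> {h['qname']} (.{h['tld']})")
    for client, n in clients_by_hit_count(hits).most_common():
        print(f"{client}: {n} EmerDNS quer{'y' if n == 1 else 'ies'}")
```

Because the zone is unresolvable through normal DNS, a hit on a host that also sends queries to an external resolver (as 10.0.0.31 does above) deserves priority: that is the path the loader must take to get an answer.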
