General

  • Target

    03396b2ed677c8afc58f2ce403417e56df85027468621f42ac416a38baa7bc63

  • Size

    1.7MB

  • Sample

    220118-13fwmsdfb6

  • MD5

    2d6660d8414b5039f08cc2b5677e8b6f

  • SHA1

    77186fc261f97df5f2bb72b4df4401097e1232e6

  • SHA256

    03396b2ed677c8afc58f2ce403417e56df85027468621f42ac416a38baa7bc63

  • SHA512

    390fea5d4d4c7f8c250ec0c5be5e5637ed076cdc949f32e243f735606840a429f62016e6841f0733f8406aa6e364f6e91685033f36cf2139a715fd71ccf27e38

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

Targets

    • Target

      03396b2ed677c8afc58f2ce403417e56df85027468621f42ac416a38baa7bc63

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks