General

  • Target

    FF-1642541127.xll

  • Size

    1.7MB

  • Sample

    220118-1gdt6adecl

  • MD5

    90628329c8fd992adf0ab9530698cc1e

  • SHA1

    5bdf86da3da6809cf6a231fe8403b9bf6d267308

  • SHA256

    7e2a361d904e56e56ebdc4c4439e77f63246ae4276f573ad5b5427a0658fc5a3

  • SHA512

    ff0cb1e43b57f21307184c5ce0109d28a753cf852888b5161d0ef0c39acffb7a396c3b777634d8d91d2ccd200faf25e4f6b874ef4ff6b9a950750abe8da5f081

Malware Config

Extracted

Language
xlm4.0
Source

Targets

    • Target

      FF-1642541127.xll

    • Size

      1.7MB

    • MD5

      90628329c8fd992adf0ab9530698cc1e

    • SHA1

      5bdf86da3da6809cf6a231fe8403b9bf6d267308

    • SHA256

      7e2a361d904e56e56ebdc4c4439e77f63246ae4276f573ad5b5427a0658fc5a3

    • SHA512

      ff0cb1e43b57f21307184c5ce0109d28a753cf852888b5161d0ef0c39acffb7a396c3b777634d8d91d2ccd200faf25e4f6b874ef4ff6b9a950750abe8da5f081

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks