General

  • Target

    bd4953dbce803a724515c75235cd92c0

  • Size

    1.7MB

  • Sample

    220118-31qn6seaf8

  • MD5

    bd4953dbce803a724515c75235cd92c0

  • SHA1

    2a5b7dc3122d036ce3d1afa22b2fc26c15841b11

  • SHA256

    d3dbd89bf43c2ade8f0c590ab831f5a3b200bb5bf370a13450523ef9f094437f

  • SHA512

    9569783104c9ba89bc2b86f99f2b10a156f372c31f5b90300d89f192fdfb2b07ef2ada2fb3dfe3bc52fc31b3ef8bd3678431c4b9b5b5b0a87ec1ab30e352ca82

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

Targets

    • Target

      bd4953dbce803a724515c75235cd92c0

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks