General

  • Target

    77461abc7157340cedea763e2813c965

  • Size

    1.7MB

  • Sample

    220118-31qn6sebbr

  • MD5

    77461abc7157340cedea763e2813c965

  • SHA1

    f842ba990c8df5f05d11d00873cbc5c0e082dff4

  • SHA256

    52db9c20a7e362af2fd93800154e761a7fbc7253b9c97d77ec2df6c6e691e0c2

  • SHA512

    0ce714c92719788605b4b8d7cb27b481963ce9a6084af183e75a246bc23d0fab65dc86fc395aa46d1ec8b47e0c9cfda7a0efd63dc9af865ce2bfd9668cb5b456

Malware Config

Extracted

Language
xlm4.0
Source

Targets

    • Target

      77461abc7157340cedea763e2813c965

    • Size

      1.7MB

    • MD5

      77461abc7157340cedea763e2813c965

    • SHA1

      f842ba990c8df5f05d11d00873cbc5c0e082dff4

    • SHA256

      52db9c20a7e362af2fd93800154e761a7fbc7253b9c97d77ec2df6c6e691e0c2

    • SHA512

      0ce714c92719788605b4b8d7cb27b481963ce9a6084af183e75a246bc23d0fab65dc86fc395aa46d1ec8b47e0c9cfda7a0efd63dc9af865ce2bfd9668cb5b456

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks