General

  • Target

    fa8506376e363d8dfa767e7e4da6b56b

  • Size

    1.7MB

  • Sample

    220118-3t17bseac8

  • MD5

    fa8506376e363d8dfa767e7e4da6b56b

  • SHA1

    c2d9101667a55f430c0513cbf748be8723b9e245

  • SHA256

    09f0d56342e53b1af01eceb399c3f0bde5e61ff654d9117a57868466750e2e93

  • SHA512

    1074927abee15cfc9a51ab9cc160a8c339a7a2989399d5543ed2d00daa03b544b0d92d02eb35c8fad3ed037ae00e125619d587cfd3506322c337c56b21c15865

Malware Config

Extracted

Language
xlm4.0
Source

Targets

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks