General

  • Target

    9239a70ebe52745f203865cadc378167

  • Size

    1.7MB

  • Sample

    220118-3t17bseahk

  • MD5

    9239a70ebe52745f203865cadc378167

  • SHA1

    f943c739d2f03febfac2ed3c022e3743fcba7123

  • SHA256

    7d27d8e926562f49922248582238865036fbce5d84fc42cf02ed8fcac1a4074d

  • SHA512

    bfe821a20b4a53ef5a55fc8618a903c49264e455ce0765c75e6b5a38c6f2647816fcedcd2d5d8cfccde56cbf7e3ebfa24c4f82ef2d6d521025b37277fae5ce6b

Malware Config

Extracted

Language
xlm4.0
Source

Targets

    • Target

      9239a70ebe52745f203865cadc378167

    • Size

      1.7MB

    • MD5

      9239a70ebe52745f203865cadc378167

    • SHA1

      f943c739d2f03febfac2ed3c022e3743fcba7123

    • SHA256

      7d27d8e926562f49922248582238865036fbce5d84fc42cf02ed8fcac1a4074d

    • SHA512

      bfe821a20b4a53ef5a55fc8618a903c49264e455ce0765c75e6b5a38c6f2647816fcedcd2d5d8cfccde56cbf7e3ebfa24c4f82ef2d6d521025b37277fae5ce6b

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Loads dropped DLL
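The two behavioural signatures above ("Process spawned unexpected child process" and "Loads dropped DLL") are the ones a detection engineer can translate most directly into telemetry rules, since an XLM 4.0 macro has to hand execution to some child of the Office process and the loader's DLL has to come from a user-writable path. The following is an added example and not part of the Triage report or its signature set: a small detector that runs over Sysmon-style process-creation and image-load events. The field names (EventType, Image, ParentImage, CommandLine, ImageLoaded), the Office parent list, the allowlisted children, the LOLBin set and the sample events are all assumptions constructed for the example; the report does not name which child process or DLL path this particular sample used.

```python
"""Flag Office applications spawning unexpected children and DLLs loaded
from user-writable locations, over constructed Sysmon-style events.
Added example; field names and lists below are assumptions, not data
taken from the sandbox report."""
from pathlib import PureWindowsPath

# Office hosts that an XLM/VBA macro executes inside (assumed set).
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}

# Children Office legitimately spawns in many environments (assumed
# allowlist; tune against your own baseline before deploying).
EXPECTED_CHILDREN = {"splwow64.exe", "dw20.exe", "dwwin.exe"}

# Living-off-the-land binaries commonly used by macro loaders to run or
# register a dropped DLL (assumed set; raises severity, not a hard match).
LOLBINS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
           "cscript.exe", "cmd.exe", "powershell.exe", "certutil.exe",
           "msiexec.exe"}

# Path fragments that mark a location a non-admin user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\",
                 "\\users\\public\\", "\\downloads\\")


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return PureWindowsPath(path).name.lower()


def check_process_create(ev: dict):
    """Return an alert when an Office parent spawns a child that is not
    on the allowlist; LOLBin children are rated high."""
    parent = basename(ev["ParentImage"])
    child = basename(ev["Image"])
    if parent not in OFFICE_PARENTS or child in EXPECTED_CHILDREN:
        return None
    return {
        "rule": "office_unexpected_child",
        "severity": "high" if child in LOLBINS else "medium",
        "parent": parent,
        "child": child,
        "cmdline": ev.get("CommandLine", ""),
    }


def check_image_load(ev: dict):
    """Return an alert when a .dll is loaded from a user-writable path,
    which is how a dropped loader DLL normally shows up."""
    loaded = ev["ImageLoaded"]
    low = loaded.lower()
    if low.endswith(".dll") and any(frag in low for frag in USER_WRITABLE):
        return {
            "rule": "dll_loaded_from_user_writable_path",
            "severity": "high",
            "process": basename(ev["Image"]),
            "dll": loaded,
        }
    return None


def scan(events):
    """Run both checks over a sequence of events and collect alerts."""
    alerts = []
    for ev in events:
        if ev["EventType"] == "ProcessCreate":
            alert = check_process_create(ev)
        elif ev["EventType"] == "ImageLoad":
            alert = check_image_load(ev)
        else:
            alert = None
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample telemetry (not from the report): one macro-style
# chain, one benign Office child, one benign launch, one dropped-DLL
# load, one normal system DLL load, and a non-LOLBin odd child.
SAMPLE_EVENTS = [
    {"EventType": "ProcessCreate",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\u\AppData\Local\Temp\stage.dll,DllMain"},
    {"EventType": "ProcessCreate",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\splwow64.exe", "CommandLine": "splwow64.exe 12288"},
    {"EventType": "ProcessCreate",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "CommandLine": r"EXCEL.EXE C:\Users\u\Downloads\invoice.xls"},
    {"EventType": "ImageLoad",
     "Image": r"C:\Windows\System32\rundll32.exe",
     "ImageLoaded": r"C:\Users\u\AppData\Local\Temp\stage.dll"},
    {"EventType": "ImageLoad",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"EventType": "ProcessCreate",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(a)
```

Running the block against the constructed events produces three alerts: the rundll32 child of EXCEL.EXE (high), the stage.dll load from %TEMP% (high), and the notepad child of WINWORD.EXE (medium). The allowlist is deliberately short; in production the parent and child names should be matched on full paths as well, since an attacker can name a dropped binary splwow64.exe in a writable directory.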

MITRE ATT&CK Enterprise v6

Tasks