General

  • Target

    8b69fc47439e1e4eced2b4d640919d6f

  • Size

    1.7MB

  • Sample

    220118-3t2g4aeahm

  • MD5

    8b69fc47439e1e4eced2b4d640919d6f

  • SHA1

    8e001e06b171a08890d4c783fcbb03b7ae9cc2bb

  • SHA256

    d6c5958b3428b877f04dbfe926d80823e014e182b2cda18c0b0e9f2fde835d44

  • SHA512

    4169592821ad5db101e25becf5c17c69360435f5fb3aed1485d20c8f166d8727e8e83891c3a5bd84fa096e8fd21e6987d7cb06de4d47244b8bc08e6325905a46

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

Targets

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks