General

  • Target

    3bd7357d0ba62270d8c3bcff6e335820

  • Size

    1.7MB

  • Sample

    220118-3tfwdseac4

  • MD5

    3bd7357d0ba62270d8c3bcff6e335820

  • SHA1

    1619e10be5789fab0f69e26353ee0e9669b4c7ad

  • SHA256

    2a44ed0a9fda586147fb82a9927090f745e68887712a29d34e4bb1c52a83fba3

  • SHA512

    cf35c7a66feb38a01ab082d44d2153ad6f97349d210a07966f9b5154e94f121bbf2cf31dd7e499e54188f2a0857a1c92837e2de69b640e3e1adf0b04ee89e746

Malware Config

Extracted

Language: xlm4.0

Source:

Targets

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks