General

  • Target

    498c30c98a045f98f6552cafce228653

  • Size

    1.7MB

  • Sample

    220118-3tfwdseahj

  • MD5

    498c30c98a045f98f6552cafce228653

  • SHA1

    67dfcf72ac630c4d4d0b1fa4454d63c21352398e

  • SHA256

    488453b2c3d9e532d42bcb634b9817cb02b5fbf3bdbb4d12f24abca359e44089

  • SHA512

    e6068a5a0afda3a2f0c5b91cce0915c96994968bfff35a6161b631cb6eb9db36f54c59f9092ca04942a9c3f76931089fed2f79aa7d36162f970c102a25b88108

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

Targets

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks