General

  • Target

    f788a8ef14ef471ca30ba366c02b440912db3a113941edc77c1da9cd7b03c513

  • Size

    1.7MB

  • Sample

    220118-v8236sccd2

  • MD5

    131b21ffb3e6646c8c9309d866d0eda4

  • SHA1

    b77ef81dba82538f053b67bd8c4a1fc54a0835ed

  • SHA256

    f788a8ef14ef471ca30ba366c02b440912db3a113941edc77c1da9cd7b03c513

  • SHA512

    f85939d903cddbc223f73adad578c45728d96a4fd7faeee09ddb2d52b68661a9801dd37871117f6f300eba8af356ea2fe60254066054dc6977f97ba8a81104b7

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

Targets

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks