General

  • Target

    2c2070acd612d96b786e7f8e5ace1fa0965649d4da600936b9f99bf79e331a72

  • Size

    1.7MB

  • Sample

    220118-wkm5sacch7

  • MD5

    006a3070d15f0cb6ae1ea39b510983bb

  • SHA1

    bfe6656b66937c29eca1870f23d0077219d1e5dc

  • SHA256

    2c2070acd612d96b786e7f8e5ace1fa0965649d4da600936b9f99bf79e331a72

  • SHA512

    ebf623feaf1e1f153790e2510887b38d777ff2d14f1dc71f86764cea8b940a6e1deeec390b861aa00252cf5264beb681039fc32eeaebea6b4820e99982a457a5

Malware Config

Targets

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks