General

  • Target

    08bf0258a2a82e0ad674a14bcbbac2d84a61cbcb4b172d795ec128eb79831adb

  • Size

    1.7MB

  • Sample

    220118-wxwyfsceck

  • MD5

    e63bbea6b4610fda6d0d54a9ed4b49bc

  • SHA1

    d9ca7b5a4ddc10452662c0231145b8e20ef0b7d5

  • SHA256

    08bf0258a2a82e0ad674a14bcbbac2d84a61cbcb4b172d795ec128eb79831adb

  • SHA512

    d315c8307b918951bbf63a838d86af5272a21192021e5d1438f52da3ecfe42301d47d7d5d49e777c84180e2fe23d149155d7a4ed47086bb0a7b79679c25197af

Malware Config

Targets

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks