General

  • Target

    3d96364b05eeca8c8e82542c15127c5c648177560e738afcd6160c22a5a4408c

  • Size

    1.7MB

  • Sample

    220118-yte7msdacn

  • MD5

    1e39c36d3f4413987ad1355c51836263

  • SHA1

    fa1ef8385f369ec76e648301f2f0ecc70a423c88

  • SHA256

    3d96364b05eeca8c8e82542c15127c5c648177560e738afcd6160c22a5a4408c

  • SHA512

    5c6da734f0ae38fb1aeaed779d067373dec7c8d637e3364a8cdffd4b8b855a5ea8b81687647bcfd1951ec0aa404d12bff413fdc05390c41794d112023f0ae178

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

Targets

    • Target

      3d96364b05eeca8c8e82542c15127c5c648177560e738afcd6160c22a5a4408c


    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks