General

  • Target

    4f5fdd31a9968ef180ac139cd711f49708ee61c0959d0507d65ea29c90033606

  • Size

    1.7MB

  • Sample

    220118-zhqdxadcbn

  • MD5

    c7da2ee3748414e507ba5c114e1be02d

  • SHA1

    4d2748be085b305c4a1a7a273ce860bc6ce3aef4

  • SHA256

    4f5fdd31a9968ef180ac139cd711f49708ee61c0959d0507d65ea29c90033606

  • SHA512

    721f49712edebb0f2513b874ab2ea776aa46f2724c4b7c10e3addf48013709a2991545ebb6144d04ee98ea26025234b43b16cbcc5ecb20badd46d4546b8c446b

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

Targets

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6