General

  • Target

    GaocQhI1_PVadIF.zip

  • Size

    554KB

  • Sample

    220119-161efsdfck

  • MD5

    e7f640c5752dd847250a88ee82387c11

  • SHA1

    2a0d45167a5c2567d9ec910e3398d013107d5800

  • SHA256

    afadc93755184cb687170be7b9499cb81886dabe575fa40bef3bf3897a87493f

  • SHA512

    16f3f4d29cd1b2b9a64d0c710e5d3ba6a781fec902f9930cb39547d5419fcaaebd4c2069d5818029ea6c42777fa550b99b1a4077d930980aef506b9d2ae510ba

Malware Config

Targets

    • Target

      new_working_conditions[2022.01.19_17-49].xll

    • Size

      1.7MB

    • MD5

      4595fef4ad3d28eba76416f4788febcc

    • SHA1

      74c730faba56db829c2847c95352d165abf3023f

    • SHA256

      29c231e5e6559618d30532ef0b4585fda85b9b367aa81a5d91aba1932ae68658

    • SHA512

      2a7128da9485f9fd4fa5e335a868d4537090775aa2df434707d86dba09df16b4bb59a46e7a3407bc76f36e7e32ab14d12de82c50ceb11039247dce0cc960c650

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks