General

  • Target

    16f919cf7e6b8e005ce5d4bbe968c9c5

  • Size

    1.7MB

  • Sample

    220119-22wfdadhck

  • MD5

    16f919cf7e6b8e005ce5d4bbe968c9c5

  • SHA1

    de0163b10e54fa02a53aaf641b2158b58b50fe61

  • SHA256

    79cd208d8f4f4720ac7f85e0c3dabc8715dde7ce28e114d1bfd7372f30c10460

  • SHA512

    30e061b3d2ae136c076bc0335561177b63eec0868569e5fbe282a9f10e2d54b810031b9f4386aedf49c79732fbf2a7d10221be96021a6d8e632f458e30a602b7

Malware Config

Extracted

Language
xlm4.0
Source

Targets

    • Target

      16f919cf7e6b8e005ce5d4bbe968c9c5

    • Size

      1.7MB

    • MD5

      16f919cf7e6b8e005ce5d4bbe968c9c5

    • SHA1

      de0163b10e54fa02a53aaf641b2158b58b50fe61

    • SHA256

      79cd208d8f4f4720ac7f85e0c3dabc8715dde7ce28e114d1bfd7372f30c10460

    • SHA512

      30e061b3d2ae136c076bc0335561177b63eec0868569e5fbe282a9f10e2d54b810031b9f4386aedf49c79732fbf2a7d10221be96021a6d8e632f458e30a602b7

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks