General

  • Target: f1ee4d45ec92b5cdbd820781f9a65894
  • Size: 1.7MB
  • Sample: 220119-22wfdaeaa9
  • MD5: f1ee4d45ec92b5cdbd820781f9a65894
  • SHA1: bfc80b287fb32251339bb94c2c66b2a7ec9f74db
  • SHA256: 092d57e94574cc3a9afa80daf5b3cb26160e4e4a55df6e48cbb4e314cfe6f509
  • SHA512: b46be98f565d3bb87c5e588f3027cfa4d834d91f167de16b67c065416eb2ebc266db7241b5394a365eb653264ff770b575627b8a05b4e4a58e630e88d0d4a8bb

Malware Config

Extracted

Language: xlm4.0 (Excel 4.0 macro sheet)
Source

Targets

    • Target: f1ee4d45ec92b5cdbd820781f9a65894
    • Size: 1.7MB
    • MD5: f1ee4d45ec92b5cdbd820781f9a65894
    • SHA1: bfc80b287fb32251339bb94c2c66b2a7ec9f74db
    • SHA256: 092d57e94574cc3a9afa80daf5b3cb26160e4e4a55df6e48cbb4e314cfe6f509
    • SHA512: b46be98f565d3bb87c5e588f3027cfa4d834d91f167de16b67c065416eb2ebc266db7241b5394a365eb653264ff770b575627b8a05b4e4a58e630e88d0d4a8bb

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Sets service image path in registry

    • Loads dropped DLL
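
The behavioural signatures above (unexpected child process, service ImagePath written, blocklisted process making a network request, dropped DLL loaded) can be reproduced outside the sandbox against endpoint telemetry. The block below is an added example, not the sandbox's own rule set or anything from this sample: it runs four simple checks over a constructed Sysmon-style event stream that mirrors the chain an Excel 4.0 macro typically produces (Excel drops a DLL, launches regsvr32, which loads the DLL and connects out, then a service ImagePath is written). The event schema, the Office parent allowlist, the expected-child list and the blocklisted-process list are all assumptions chosen for illustration.

```python
"""Replay the report's behavioural signatures over constructed Sysmon-style
events. Added example; field names, allowlists, blocklists and the sample
events are assumptions, not the sandbox's own rules or this sample's trace."""
import re

# Office hosts from which almost any child process is suspicious (assumed list).
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
# Children an Office host spawns in normal use, e.g. print spooler proxy (assumed list).
EXPECTED_OFFICE_CHILDREN = {"splwow64.exe", "dw20.exe", "ai.exe"}
# LOLBins whose outbound connections are treated as blocklisted (assumed list).
BLOCKLISTED_NETWORK_PROCESSES = {
    "rundll32.exe", "regsvr32.exe", "mshta.exe", "certutil.exe", "wscript.exe",
}

# Service binary path under either the live or a numbered control set.
SERVICE_IMAGEPATH_RE = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$",
    re.IGNORECASE,
)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def unexpected_child(ev: dict) -> bool:
    """Office host spawned something not on its expected-child list."""
    if ev["type"] != "ProcessCreate":
        return False
    return (basename(ev["parent_image"]) in OFFICE_PARENTS
            and basename(ev["image"]) not in EXPECTED_OFFICE_CHILDREN)


def sets_service_image_path(ev: dict) -> bool:
    """Registry write to a service's ImagePath value."""
    return ev["type"] == "RegistrySetValue" and bool(SERVICE_IMAGEPATH_RE.match(ev["target"]))


def blocklisted_network(ev: dict) -> bool:
    """Outbound connection initiated by a blocklisted LOLBin."""
    return ev["type"] == "NetworkConnect" and basename(ev["image"]) in BLOCKLISTED_NETWORK_PROCESSES


def run_signatures(events: list) -> dict:
    """Return {signature name: [event index, ...]} for every signature that fired.
    'Loads dropped DLL' needs state: a DLL counts as dropped only if an earlier
    FileCreate event in the same run wrote that path."""
    hits: dict = {}
    dropped: set = set()
    for i, ev in enumerate(events):
        if ev["type"] == "FileCreate":
            dropped.add(ev["target"].lower())
        fired = []
        if unexpected_child(ev):
            fired.append("Process spawned unexpected child process")
        if sets_service_image_path(ev):
            fired.append("Sets service image path in registry")
        if blocklisted_network(ev):
            fired.append("Blocklisted process makes network request")
        if ev["type"] == "ImageLoad":
            target = ev["target"].lower()
            if target.endswith(".dll") and target in dropped:
                fired.append("Loads dropped DLL")
        for name in fired:
            hits.setdefault(name, []).append(i)
    return hits


EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
DROPPED = r"C:\Users\Public\Documents\update.dll"

# Constructed event stream (not real telemetry): index 3..6 should fire, the rest should not.
SAMPLE_EVENTS = [
    {"type": "ProcessCreate", "parent_image": r"C:\Windows\explorer.exe", "image": EXCEL},
    {"type": "FileCreate", "image": EXCEL, "target": DROPPED},
    {"type": "ProcessCreate", "parent_image": EXCEL, "image": r"C:\Windows\splwow64.exe"},
    {"type": "ProcessCreate", "parent_image": EXCEL, "image": r"C:\Windows\System32\regsvr32.exe"},
    {"type": "ImageLoad", "image": r"C:\Windows\System32\regsvr32.exe", "target": DROPPED},
    {"type": "NetworkConnect", "image": r"C:\Windows\System32\regsvr32.exe", "dest": "203.0.113.10:443"},
    {"type": "RegistrySetValue", "image": r"C:\Windows\System32\regsvr32.exe",
     "target": r"HKLM\SYSTEM\CurrentControlSet\Services\WinUpdSvc\ImagePath"},
    {"type": "RegistrySetValue", "image": r"C:\Windows\System32\regsvr32.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater"},
]

if __name__ == "__main__":
    for name, idx in run_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: events {idx}")
```

The "dropped DLL" check is the only stateful one; on a real host it needs the FileCreate to be correlated by file path (or hash) across the whole process tree, since the dropper and the loader are different processes here, exactly as in the chain the report describes.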

MITRE ATT&CK Enterprise v6

Tasks