General

  • Target

    13bc88ede0b07077de8c91f1d552939b

  • Size

    1.7MB

  • Sample

    220119-aaf3tsebcp

  • MD5

    13bc88ede0b07077de8c91f1d552939b

  • SHA1

    f517a3933b6aaffe605b8a625c34eeff2ac53cb9

  • SHA256

    9bfe3e664dea6ec4c143d6beb35b7cef737163ee64f78e06e4d779859c046138

  • SHA512

    1814fd33d280e20c5f53e19de0ace86c4e98abf785ef351837458f0b4660bdae3c377bb6a5eda8881fd0ea8b0bde28ed98a319839e747f118422bfda9de2662e

Malware Config

Extracted

Language
xlm4.0
Source

Targets

    • Target

      13bc88ede0b07077de8c91f1d552939b

    • Size

      1.7MB

    • MD5

      13bc88ede0b07077de8c91f1d552939b

    • SHA1

      f517a3933b6aaffe605b8a625c34eeff2ac53cb9

    • SHA256

      9bfe3e664dea6ec4c143d6beb35b7cef737163ee64f78e06e4d779859c046138

    • SHA512

      1814fd33d280e20c5f53e19de0ace86c4e98abf785ef351837458f0b4660bdae3c377bb6a5eda8881fd0ea8b0bde28ed98a319839e747f118422bfda9de2662e

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks