General

  • Target

    f355eb875cebdf6418598393987aba03

  • Size

    1.7MB

  • Sample

    220119-aaf3tsebcq

  • MD5

    f355eb875cebdf6418598393987aba03

  • SHA1

    558c007d1f4ae8e10d5216fec28d624f0097d31f

  • SHA256

    964e1ff84b5c231a5176e2e4425d1e8b9186f0b62c02d492505872d48f6dd58b

  • SHA512

    232964841b6deabf8fec36b5ccdd98f78a72a8cdda9ddc71fee5d7f4cee742049bd78e6b295c02d111ff1172022be8de8b79d07574ab5028ff22acf45e01644a

Malware Config

Extracted

  • Language

    xlm4.0
Source

Targets

    • Target

      f355eb875cebdf6418598393987aba03

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks