General

  • Target

    a9f6712e7cf49bddcbdef715d13768157f94252be28bd74331a9ff963401137c

  • Size

    1.7MB

  • Sample

    220119-aepwjaebc3

  • MD5

    44b44fbf4c7fbd56e8cf7411054aa0d6

  • SHA1

    5e7822e039183a026e10ee02ce50033148b8bbdd

  • SHA256

    a9f6712e7cf49bddcbdef715d13768157f94252be28bd74331a9ff963401137c

  • SHA512

    7820502414958f5fd8720ddc6e414af06c9ff5340876e913a96e563a16d5ffd02013fb784cdfa2a97c70d84fdb32e03dde5421277db2ea87b010bc5b36d673ca

Malware Config

Extracted

    • Language

      xlm4.0

    • Source

Targets

    • Target

      a9f6712e7cf49bddcbdef715d13768157f94252be28bd74331a9ff963401137c

    • Size

      1.7MB

    • MD5

      44b44fbf4c7fbd56e8cf7411054aa0d6

    • SHA1

      5e7822e039183a026e10ee02ce50033148b8bbdd

    • SHA256

      a9f6712e7cf49bddcbdef715d13768157f94252be28bd74331a9ff963401137c

    • SHA512

      7820502414958f5fd8720ddc6e414af06c9ff5340876e913a96e563a16d5ffd02013fb784cdfa2a97c70d84fdb32e03dde5421277db2ea87b010bc5b36d673ca

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks