General

  • Target

    ae5c387389575adab73f177a746b1f7e

  • Size

    1.7MB

  • Sample

    220119-t1zgmsbeg8

  • MD5

    ae5c387389575adab73f177a746b1f7e

  • SHA1

    b3e56b3dabed8f748d6e94c91c9c2f43fb0ad784

  • SHA256

    75cdb51337ba20c2f53bc8dac34e55678cc01b7698550ba91aaa3ce667af32c0

  • SHA512

    2a45a1094746463274e86bd48bcf40e820a0d4d56fae35d74e493978b9835e7877c42ddde0da5b3bce7df42e49edd64dcd5b243459480c84f4e1149972a950d4

Malware Config

Extracted

  • Language

    xlm4.0 (Excel 4.0 macro sheet, the pre-VBA macro language still executed by Excel)
Targets

    • Target

      ae5c387389575adab73f177a746b1f7e

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Loads dropped DLL
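The two behavioural signatures above (an Office process spawning a child it should not, and a process in that chain loading a DLL from a location the macro could write to) are what endpoint telemetry shows for a macro-driven loader. As an added example, not the sandbox's own signature logic and not derived from this sample's execution trace, the Python below implements both checks over constructed Sysmon-style records (Event ID 1 process creation, Event ID 7 image load). The process names, paths, PIDs and the `signed` flag are assumptions made for illustration; the Office, LOLBin and allow-list sets are starting points to tune, not authoritative lists.

```python
"""Added example (not the sandbox's own signature logic): evaluate Sysmon-style
process-creation (Event ID 1) and image-load (Event ID 7) records for the two
behaviours flagged above, an Office process spawning an unexpected child and a
process in that Office chain loading a DLL from a user-writable path."""

from typing import Dict, List, Optional, Set

# Office hosts whose children deserve scrutiny (assumed list, extend as needed)
OFFICE_IMAGES = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Interpreters / LOLBins that macro code commonly chains into
LOLBINS = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe",
    "bitsadmin.exe", "msiexec.exe", "schtasks.exe",
}

# Children Office legitimately spawns on its own (e.g. the print spooler proxy)
BENIGN_CHILDREN = {"splwow64.exe"}

# Locations an unprivileged macro can write to, hence where a dropped DLL lands
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (handles either slash style)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


class OfficeChainDetector:
    """Stateful: remembers which PIDs belong to an Office process tree so the
    DLL-load rule only fires inside that tree and not for every app on the host."""

    def __init__(self) -> None:
        self.office_tree: Set[int] = set()

    def on_process_create(self, ev: Dict) -> Optional[str]:
        parent, child = basename(ev["parent_image"]), basename(ev["image"])
        if child in OFFICE_IMAGES:
            self.office_tree.add(ev["pid"])          # a new Office root
            return None
        if ev["ppid"] not in self.office_tree:
            return None                               # unrelated process
        self.office_tree.add(ev["pid"])               # descendant of Office
        if parent not in OFFICE_IMAGES or child in BENIGN_CHILDREN:
            return None
        kind = "lolbin" if child in LOLBINS else "unexpected"
        return f"office_child_{kind}: {parent} -> {child}"

    def on_image_load(self, ev: Dict) -> Optional[str]:
        if ev["pid"] not in self.office_tree:
            return None
        dll = ev["image_loaded"].replace("/", "\\").lower()
        if dll.startswith(USER_WRITABLE_PREFIXES) and not ev.get("signed", False):
            return f"dropped_dll_loaded: {basename(ev['image'])} loaded {dll}"
        return None

    def feed(self, events: List[Dict]) -> List[str]:
        findings = []
        for ev in events:
            hit = (self.on_process_create(ev) if ev["type"] == "process_create"
                   else self.on_image_load(ev) if ev["type"] == "image_load"
                   else None)
            if hit:
                findings.append(hit)
        return findings


def scan_events(events: List[Dict]) -> List[str]:
    """Run a fresh detector over an ordered event stream and return its findings."""
    return OfficeChainDetector().feed(events)


# Constructed telemetry (not from this sample's run): a benign Office session
# followed by the chain a macro-driven loader produces, plus an unrelated app
# loading an unsigned DLL from its own profile directory to show the scoping.
EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 100, "ppid": 10,
     "parent_image": r"C:\Windows\explorer.exe", "image": EXCEL},
    {"type": "process_create", "pid": 101, "ppid": 100,
     "parent_image": EXCEL, "image": r"C:\Windows\splwow64.exe"},
    {"type": "process_create", "pid": 102, "ppid": 100,
     "parent_image": EXCEL, "image": r"C:\Windows\System32\rundll32.exe"},
    {"type": "image_load", "pid": 102, "image": r"C:\Windows\System32\rundll32.exe",
     "image_loaded": r"C:\Users\victim\AppData\Local\Temp\x.dll", "signed": False},
    {"type": "image_load", "pid": 102, "image": r"C:\Windows\System32\rundll32.exe",
     "image_loaded": r"C:\Windows\System32\kernel32.dll", "signed": True},
    {"type": "image_load", "pid": 200, "image": r"C:\Program Files\Foo\foo.exe",
     "image_loaded": r"C:\Users\victim\AppData\Local\Foo\plugin.dll", "signed": False},
]

if __name__ == "__main__":
    for finding in scan_events(SAMPLE_EVENTS):
        print(finding)
```

Scoping the DLL-load rule to the Office process tree is the point of the stateful detector: an unsigned DLL under `AppData\Local` is routine for many desktop applications, so the same check applied host-wide would be noise, whereas inside a chain that started from Excel it is exactly the "loads dropped DLL" behaviour the sandbox flags. In production the events come from Sysmon, EDR or ETW rather than an inline list, and the lineage set needs pruning on process exit.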

MITRE ATT&CK Enterprise v6