General

  • Target

    STATEMENT[2022.01.19_17-49].xll

  • Size

    1.7MB

  • Sample

    220119-vvpwpabghp

  • MD5

    49ef5d87d209d461d434dcf528aca3e5

  • SHA1

    47046fcb91592569146af45a069513deab1f683a

  • SHA256

    145b3b470c4f1367520230eeab5e60f1a602d365d0189f376be193965450d952

  • SHA512

    dffc5e749f2c1db521140016e5155cace982d8dac8348869a4324757dc214a5f9392cae1519a68a43aa2db0ffff3ba76ef0fa6e1ddfb47462eddb1720d189cf3

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

Targets

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks