General

  • Target

    9f99abf0edf0c585155192ef48ca7c3eaa1a479f594ce2ca6406c92f02e1e7fe

  • Size

    1.7MB

  • Sample

    220119-wns57scbf4

  • MD5

    255f13e3ba9b087779d54f55d7b32dfb

  • SHA1

    64cd4e8796e8f0f500376f682e831d88118409be

  • SHA256

    9f99abf0edf0c585155192ef48ca7c3eaa1a479f594ce2ca6406c92f02e1e7fe

  • SHA512

    1dedd8b2f535fa7968a477b796c3c81cf80454ce83e147c926f28900c86f7b3b26f039fc89a4ee8773125e8222967054cfd8640960166c940ac8b1cd899eb267

Malware Config

Targets

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks