General

  • Target

    statement[2022.01.19_17-49].xll

  • Size

    1.7MB

  • Sample

    220119-xw36taceg2

  • MD5

    6e80883d6631c00da196bac92c3cb84e

  • SHA1

    9905e6233803f41eb2a098b00d13a9881e12b3da

  • SHA256

    6d54d95b0d2f94193e76948926a2982e4788163041cc976435e625d95f22d6db

  • SHA512

    6b69c69de73eee61b89acc31f30a16d5593402bdff77991a24e9cc7535c6ca685d7528357a3020912a0428a6b26423a034d9ad3c4500145e92d5a24cba01d660

Malware Config

Extracted

  • Language

    xlm4.0

Targets

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks