General

  • Target

    https://1drv.ms/u/s!AtgqXw2ScIOhduuS-_MCLwmOqVI?e=i2wCmf

  • Sample

    220119-y83lgsdab4

Targets

    • Target

      https://1drv.ms/u/s!AtgqXw2ScIOhduuS-_MCLwmOqVI?e=i2wCmf

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

      A process was created with an explicitly chosen parent (PPID spoofing via the parent-process thread attribute), so the child's recorded parent is not the process that actually launched it.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

      Rewriting the context of a thread in another process is a common step in process hollowing and thread hijacking.
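
The two behavioural signatures above ("Process spawned unexpected child process" and parent spoofing through NtCreateUserProcess) are cheap to reproduce as detection logic over process-creation telemetry. The block below is an added example, not code from the sandbox or from the report, and it runs over a constructed JSON-lines log rather than the real task's events. The field names, the Office child allow-list and the `creator_pid` field are assumptions: `creator_pid` stands for a sensor that records which process issued the create call (for instance the process id in the ETW event header), which a plain Sysmon Event ID 1 record does not carry.

```python
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    image: str         # lower-case basename of the new process's executable
    parent_pid: int    # parent recorded for the new process; attacker-controlled when
                       # PROC_THREAD_ATTRIBUTE_PARENT_PROCESS is used (PPID spoofing)
    parent_image: str
    creator_pid: int   # PID of the process that actually issued the create call
                       # (assumed sensor field, e.g. taken from the ETW event header)


# Constructed sample log (JSON lines); not output from the report's sandbox run.
SAMPLE_LOG = """
{"pid": 2100, "image": "winword.exe",  "parent_pid": 1500, "parent_image": "explorer.exe", "creator_pid": 1500}
{"pid": 2200, "image": "splwow64.exe", "parent_pid": 2100, "parent_image": "winword.exe",  "creator_pid": 2100}
{"pid": 2300, "image": "rundll32.exe", "parent_pid": 2100, "parent_image": "winword.exe",  "creator_pid": 2100}
{"pid": 2400, "image": "rundll32.exe", "parent_pid": 1500, "parent_image": "explorer.exe", "creator_pid": 2300}
"""

# Children a document-handling parent is expected to spawn (assumed allow-list; tune per environment).
EXPECTED_CHILDREN = {
    "winword.exe": {"splwow64.exe", "dw20.exe"},
    "excel.exe":   {"splwow64.exe", "dw20.exe"},
    "outlook.exe": {"splwow64.exe"},
}


def parse_events(text):
    """Parse one JSON object per line into ProcEvent records, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        events.append(ProcEvent(
            pid=int(rec["pid"]),
            image=rec["image"].lower(),
            parent_pid=int(rec["parent_pid"]),
            parent_image=rec["parent_image"].lower(),
            creator_pid=int(rec["creator_pid"]),
        ))
    return events


def unexpected_child(ev):
    """'Process spawned unexpected child process': a watched parent spawned something
    outside its allow-list. Parents absent from the table are not judged."""
    allowed = EXPECTED_CHILDREN.get(ev.parent_image)
    return allowed is not None and ev.image not in allowed


def ppid_spoofed(ev):
    """'NtCreateUserProcess with another parent': the recorded parent is not the
    process that made the create call, so the parent/child tree cannot be trusted."""
    return ev.parent_pid != ev.creator_pid


def analyse(events):
    """Return (pid, rule, detail) findings in event order; one event may hit both rules."""
    image_by_pid = {ev.pid: ev.image for ev in events}
    findings = []
    for ev in events:
        if unexpected_child(ev):
            findings.append((ev.pid, "unexpected_child", f"{ev.parent_image} -> {ev.image}"))
        if ppid_spoofed(ev):
            real = image_by_pid.get(ev.creator_pid, "unknown")
            findings.append((ev.pid, "ppid_spoofing",
                             f"recorded parent {ev.parent_pid} ({ev.parent_image}), "
                             f"actual creator {ev.creator_pid} ({real})"))
    return findings


if __name__ == "__main__":
    for pid, rule, detail in analyse(parse_events(SAMPLE_LOG)):
        print(f"pid {pid}: {rule}: {detail}")
```

On the constructed log the third event fires the unexpected-child rule (winword.exe launching rundll32.exe) and the fourth fires the spoofing rule: its recorded parent is explorer.exe, but the creator is the rundll32.exe from event three, which is exactly the tree a loader builds to hide a document-spawned chain. Without a creator field the second rule cannot be evaluated at all, which is why the recorded parent alone is a weak signal once PPID spoofing is in play.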

MITRE ATT&CK Enterprise v6
