General

  • Target

    https://1drv.ms/u/s!Ak-gTSHxRMkBdy0mKTgjHYXBMes?e=3jNl4l

  • Sample

    220119-y9bt6achhn

Malware Config

Targets

  • Target

    https://1drv.ms/u/s!Ak-gTSHxRMkBdy0mKTgjHYXBMes?e=3jNl4l

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Bazar/Team9 Loader payload

  • Blocklisted process makes network request

  • Loads dropped DLL

  • Suspicious use of SetThreadContext
