General

  • Target

    564ff55dbe619258820e95835d623e037c2daa146c81eb257f7c88ef28f76578

  • Size

    1.7MB

  • Sample

    220120-ajsszsecgr

  • MD5

    ce0fd24a68580b4a15ddc30880f09a6a

  • SHA1

    546af7fcb44a7b869ba50247ba322d26cc654f0c

  • SHA256

    564ff55dbe619258820e95835d623e037c2daa146c81eb257f7c88ef28f76578

  • SHA512

    13771e253eb352e594ccb797ea480307f32445a8ce3d2c3a5a494c6f5bc950945bcf7a43453b8a5b5248bfd6a7c0b52e2580523c6800e2d8f752d80a3e3a067a

Malware Config

Targets

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks