General

  • Target

    f7a45008c19652c6e48896a7b5abec6c33baff2f663f72457e4efac3e95c48e8

  • Size

    1.7MB

  • Sample

    220120-cw7h1sfagm

  • MD5

    6a92b399a57b116300b9f24863d756b8

  • SHA1

    39ebf4b25f551780188dc80e3897ecdfd047ffd9

  • SHA256

    f7a45008c19652c6e48896a7b5abec6c33baff2f663f72457e4efac3e95c48e8

  • SHA512

    9fb572d478f0da258fe82e1732eceea0345b6b12672550fd238963385dd3a6a9fdd47f89b98a6ac5b57adedd1d8bbf225a062071b6a658f52f993b7deb367e9b
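The four digests above are the identifiers by which a retrieved copy of this sample should be checked before it is handled as the reported file. The following is an added example (my code, not part of the report or of the sandbox) that computes all four digests in one pass over a file and classifies the result against the report's hash set. The sample input in the test is constructed; the hash values in REPORT_HASHES are copied from this page.

```python
"""Verify a retrieved file against the hash set listed in the report above."""
import hashlib
import io

# Digests copied from the General section of this report.
REPORT_HASHES = {
    "md5": "6a92b399a57b116300b9f24863d756b8",
    "sha1": "39ebf4b25f551780188dc80e3897ecdfd047ffd9",
    "sha256": "f7a45008c19652c6e48896a7b5abec6c33baff2f663f72457e4efac3e95c48e8",
    "sha512": "9fb572d478f0da258fe82e1732eceea0345b6b12672550fd238963385dd3a6a9fdd47f89b98a6ac5b57adedd1d8bbf225a062071b6a658f52f993b7deb367e9b",
}
ALGORITHMS = tuple(REPORT_HASHES)


def digest_stream(fh, chunk_size=1 << 20):
    """Compute every listed digest in a single pass so a large sample is read once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for block in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path):
    with open(path, "rb") as fh:
        return digest_stream(fh)


def digest_bytes(data):
    return digest_stream(io.BytesIO(data))


def verify(digests, expected=REPORT_HASHES):
    """Classify a candidate file's digests against the report.

    'match'    every listed digest agrees: this is the reported sample.
    'mismatch' nothing agrees: a different file.
    'partial'  some agree and some do not. An unmodified file never does this;
               it means a transcription error in the report or a crafted
               collision on a weaker algorithm (MD5 and SHA-1 are both
               collision-broken), so the file must NOT be treated as the
               reported sample.
    """
    agreed = {
        name for name in expected
        if digests.get(name, "").lower() == expected[name].lower()
    }
    if agreed == set(expected):
        return "match"
    if agreed:
        return "partial"
    return "mismatch"


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        d = digest_file(path)
        print(path, verify(d), d["sha256"])
```

Run it as `python verify_sample.py <file>`; anything other than "match" means the file on hand is not the one this report describes, and "partial" deserves a closer look rather than a shrug.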

Malware Config

Extracted

Language
xlm4.0 (Excel 4.0 / XLM macro)
Source

Targets

    • Target

      f7a45008c19652c6e48896a7b5abec6c33baff2f663f72457e4efac3e95c48e8

    • Size

      1.7MB

    • MD5

      6a92b399a57b116300b9f24863d756b8

    • SHA1

      39ebf4b25f551780188dc80e3897ecdfd047ffd9

    • SHA256

      f7a45008c19652c6e48896a7b5abec6c33baff2f663f72457e4efac3e95c48e8

    • SHA512

      9fb572d478f0da258fe82e1732eceea0345b6b12672550fd238963385dd3a6a9fdd47f89b98a6ac5b57adedd1d8bbf225a062071b6a658f52f993b7deb367e9b

    • Bazar Loader

      Detected a loader normally used to deploy the BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

      Team9 is an alternative name under which the Bazar loader family is tracked.

    • Blocklisted process makes network request

      A process on the sandbox's blocklist initiated an outbound network connection.

    • Sets service image path in registry

      Writes the ImagePath value under HKLM\SYSTEM\CurrentControlSet\Services\<name>, pointing a Windows service at a chosen binary; a common persistence mechanism.

    • Loads dropped DLL

      A DLL written to disk during the run was subsequently loaded into a process.
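The behaviours flagged above map onto host telemetry a SOC already collects (process creation, file writes, image loads, network connections, registry writes). The following added example is my own detection logic, not the sandbox's signature engine, and it runs over constructed Sysmon-style events rather than data from this run: the process names, paths, pids, the TEST-NET addresses, the Office host list and the network blocklist are all assumptions for illustration, since the report does not name the processes involved. It correlates the events into the same four behavioural signatures and attributes each hit back to the Office process that started the chain.

```python
"""Correlate process, file, network and registry telemetry into the signatures above."""
import json
import ntpath
import re

# Assumptions for this example: which parents count as Office hosts, which binaries
# are "blocklisted" for outbound connections, and the shape of a service ImagePath key.
OFFICE_HOSTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
BLOCKLISTED = {"regsvr32.exe", "rundll32.exe", "mshta.exe", "wscript.exe", "cscript.exe", "certutil.exe"}
SERVICE_IMAGEPATH = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d+)\\Services\\[^\\]+\\ImagePath$", re.IGNORECASE)

# Constructed Sysmon-style telemetry (not from the sandbox run): one JSON object per line.
SAMPLE_EVENTS = r"""
{"event":"ProcessCreate","pid":1200,"ppid":900,"image":"C:\\Program Files\\Microsoft Office\\EXCEL.EXE","parent_image":"C:\\Windows\\explorer.exe"}
{"event":"FileCreate","pid":1200,"image":"C:\\Program Files\\Microsoft Office\\EXCEL.EXE","target":"C:\\Users\\victim\\AppData\\Local\\Temp\\stage.dll"}
{"event":"ProcessCreate","pid":1300,"ppid":1200,"image":"C:\\Windows\\System32\\regsvr32.exe","parent_image":"C:\\Program Files\\Microsoft Office\\EXCEL.EXE"}
{"event":"ImageLoad","pid":1300,"image":"C:\\Windows\\System32\\regsvr32.exe","loaded":"C:\\Users\\victim\\AppData\\Local\\Temp\\stage.dll"}
{"event":"NetworkConnect","pid":1300,"image":"C:\\Windows\\System32\\regsvr32.exe","dst_ip":"203.0.113.10","dst_port":443}
{"event":"RegistrySet","pid":1300,"image":"C:\\Windows\\System32\\regsvr32.exe","key":"HKLM\\SYSTEM\\CurrentControlSet\\Services\\UpdSvc\\ImagePath","value":"C:\\Users\\victim\\AppData\\Local\\Temp\\stage.dll"}
{"event":"ProcessCreate","pid":1400,"ppid":900,"image":"C:\\Windows\\System32\\notepad.exe","parent_image":"C:\\Windows\\explorer.exe"}
{"event":"NetworkConnect","pid":1400,"image":"C:\\Windows\\System32\\notepad.exe","dst_ip":"203.0.113.11","dst_port":80}
"""


def base(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return ntpath.basename(path).lower()


def parse_events(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def office_ancestor(pid, procs):
    """Walk the parent chain; return the nearest Office host pid, or None."""
    seen = set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        ppid, image = procs[pid]
        if base(image) in OFFICE_HOSTS:
            return pid
        pid = ppid
    return None


def correlate(events):
    procs = {}       # pid -> (ppid, image), built as ProcessCreate events arrive
    dropped = set()  # files written during the trace; loading one is "Loads dropped DLL"
    findings = []

    def hit(signature, ev, detail):
        findings.append({"signature": signature, "pid": ev["pid"],
                         "office_root": office_ancestor(ev["pid"], procs), "detail": detail})

    for ev in events:
        kind = ev["event"]
        if kind == "ProcessCreate":
            procs[ev["pid"]] = (ev["ppid"], ev["image"])
            if base(ev["parent_image"]) in OFFICE_HOSTS:
                hit("unexpected_child_process", ev, f"{base(ev['parent_image'])} -> {base(ev['image'])}")
        elif kind == "FileCreate":
            dropped.add(ev["target"].lower())
        elif kind == "ImageLoad" and ev["loaded"].lower() in dropped:
            hit("loads_dropped_dll", ev, ev["loaded"])
        elif kind == "NetworkConnect" and base(ev["image"]) in BLOCKLISTED:
            hit("blocklisted_process_network", ev, f"{ev['dst_ip']}:{ev['dst_port']}")
        elif kind == "RegistrySet" and SERVICE_IMAGEPATH.match(ev["key"]):
            hit("service_imagepath_set", ev, f"{ev['key']} = {ev['value']}")
    return findings


def run_sample():
    return correlate(parse_events(SAMPLE_EVENTS))


if __name__ == "__main__":
    for f in run_sample():
        print(f["signature"], f["pid"], f["office_root"], f["detail"])
```

The notepad.exe events are a benign control: it makes a connection but is not blocklisted and has no Office ancestor, so nothing fires. In production the FileCreate bookkeeping is what separates "loads dropped DLL" from ordinary DLL loads, and the office_root field is what lets an analyst pivot from any single hit to the document that started the chain.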

MITRE ATT&CK Enterprise v6

Tasks