General

  • Target: b2e7408b9eb3af0bb7c4267432fa08e92fd335ddc72a69acbab123a7d919fb44
  • Size: 1.7MB
  • Sample: 220120-dezmhsfbhj
  • MD5: bf17e17ac450bdb3c8facde0f72402bd
  • SHA1: e31a8d85239522ef7542291cc66c3ba30d5cb8f1
  • SHA256: b2e7408b9eb3af0bb7c4267432fa08e92fd335ddc72a69acbab123a7d919fb44
  • SHA512: 64c042d649f83e851086c7172220cecd937f482a50f48e56714bf43ad328ccfa555b69d5f2d3f72254f3daf113bfdffaf446532b3aeee2b3c998a9b557ce7ea5

Malware Config

Targets

    • Target: b2e7408b9eb3af0bb7c4267432fa08e92fd335ddc72a69acbab123a7d919fb44
    • Size: 1.7MB
    • MD5: bf17e17ac450bdb3c8facde0f72402bd
    • SHA1: e31a8d85239522ef7542291cc66c3ba30d5cb8f1
    • SHA256: b2e7408b9eb3af0bb7c4267432fa08e92fd335ddc72a69acbab123a7d919fb44
    • SHA512: 64c042d649f83e851086c7172220cecd937f482a50f48e56714bf43ad328ccfa555b69d5f2d3f72254f3daf113bfdffaf446532b3aeee2b3c998a9b557ce7ea5

    • Bazar Loader
      Detected loader normally used to deploy BazarBackdoor malware.
    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Bazar/Team9 Loader payload
    • Blocklisted process makes network request
    • Loads dropped DLL

MITRE ATT&CK Enterprise v6