General

  • Target

    e397e69d94adae69848267c77b54d3599d27f95de11631020b1348b087fcab3b

  • Size

    1.7MB

  • Sample

    220120-fb7j3afgep

  • MD5

    1f291f709c4c0039d33fea2b4bcbcf66

  • SHA1

    a43b5e74a42986827427f10bcdc11a1dc464c28c

  • SHA256

    e397e69d94adae69848267c77b54d3599d27f95de11631020b1348b087fcab3b

  • SHA512

    1a572422f704cd012931579093155947b89952597dfe673d7ac15fdec389f691548a5fb915c5de5a27abe84856f264ca12bb8951a5b03dd2b9ab39e04c6a340f

Malware Config

Extracted

Language
xlm4.0
Source

Targets

    • Target

      e397e69d94adae69848267c77b54d3599d27f95de11631020b1348b087fcab3b

    • Size

      1.7MB

    • MD5

      1f291f709c4c0039d33fea2b4bcbcf66

    • SHA1

      a43b5e74a42986827427f10bcdc11a1dc464c28c

    • SHA256

      e397e69d94adae69848267c77b54d3599d27f95de11631020b1348b087fcab3b

    • SHA512

      1a572422f704cd012931579093155947b89952597dfe673d7ac15fdec389f691548a5fb915c5de5a27abe84856f264ca12bb8951a5b03dd2b9ab39e04c6a340f

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Sets service image path in registry

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks