General

  • Target

    7912ecf58bf36144f792f5fb357c4194229b1e3728d9852c4376fa297ddaad5f

  • Size

    1.7MB

  • Sample

    220120-gebggagbbl

  • MD5

    ac96920684c5c701f1c69152019d50ac

  • SHA1

    faaceebc1bc32ff76a338cadf0df9988ee7d326f

  • SHA256

    7912ecf58bf36144f792f5fb357c4194229b1e3728d9852c4376fa297ddaad5f

  • SHA512

    a8951b3a12ad11d2aa37d0441eacdacfb0045a89c4c93eada0e0dd7b21e464d7a16be7f627218186d3e7a0ddb3357bf8267e0dc528163f05bc7eba514d05fb2f

Malware Config

Targets

    • Target

      7912ecf58bf36144f792f5fb357c4194229b1e3728d9852c4376fa297ddaad5f

    • Size

      1.7MB

    • MD5

      ac96920684c5c701f1c69152019d50ac

    • SHA1

      faaceebc1bc32ff76a338cadf0df9988ee7d326f

    • SHA256

      7912ecf58bf36144f792f5fb357c4194229b1e3728d9852c4376fa297ddaad5f

    • SHA512

      a8951b3a12ad11d2aa37d0441eacdacfb0045a89c4c93eada0e0dd7b21e464d7a16be7f627218186d3e7a0ddb3357bf8267e0dc528163f05bc7eba514d05fb2f

    • Bazar Loader

      Detected a loader normally used to deploy the BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Loads dropped DLL
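
The three behavioural signatures above (unexpected child process, dropped DLL loaded, blocklisted process making a network request) are what the sandbox raised; the block below is an added example, not the sandbox's own rule code and not this sample's recorded activity, that re-implements them as rules over a constructed process/file/module/network event trace. The document-handler list, the network blocklist, the process names and the destination address are assumptions chosen for illustration.

```python
"""Added example: three behavioural sandbox signatures as rules over an
event trace. The trace and the name lists below are constructed for
illustration and are assumptions, not the report's or the sandbox's data."""
from dataclasses import dataclass
from typing import Optional

# Assumed: document handlers that should not normally spawn child processes.
DOCUMENT_HANDLERS = {"winword.exe", "excel.exe", "powerpnt.exe", "acrord32.exe"}
# Assumed: living-off-the-land binaries that rarely need network access.
NETWORK_BLOCKLIST = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "certutil.exe"}


@dataclass(frozen=True)
class Event:
    kind: str                 # "process" | "file_write" | "image_load" | "network"
    pid: int                  # acting process; for "process" it is the new child
    image: str                # basename of the acting process's executable
    target: str = ""          # written path, loaded module path, or destination
    parent_pid: Optional[int] = None


@dataclass(frozen=True)
class Alert:
    rule: str
    pid: int
    detail: str


def triage(events):
    """Replay the trace in order and return the alerts the three rules raise."""
    alerts = []
    pid_image = {}          # pid -> lower-cased image name seen so far
    dropped_paths = set()   # every file path written during the trace
    for ev in events:
        image = ev.image.lower()
        if ev.kind == "process":
            pid_image[ev.pid] = image
            parent = pid_image.get(ev.parent_pid, "")
            # A document handler creating a child is the classic macro/exploit tell.
            if parent in DOCUMENT_HANDLERS:
                alerts.append(Alert("Process spawned unexpected child process",
                                    ev.pid, f"{parent} -> {image}"))
        elif ev.kind == "file_write":
            dropped_paths.add(ev.target.lower())
        elif ev.kind == "image_load":
            # Case-insensitive match so the loader and the consumer may differ
            # in how they spell the path; the writer and loader may be different pids.
            if ev.target.lower() in dropped_paths:
                alerts.append(Alert("Loads dropped DLL", ev.pid,
                                    f"{image} loaded {ev.target}"))
        elif ev.kind == "network":
            if image in NETWORK_BLOCKLIST:
                alerts.append(Alert("Blocklisted process makes network request",
                                    ev.pid, f"{image} -> {ev.target}"))
    return alerts


# Constructed trace (illustration only): a document handler spawns a loader,
# the loader drops a DLL, and rundll32.exe then loads it and beacons out.
EXAMPLE_TRACE = [
    Event("process", 100, "WINWORD.EXE"),
    Event("process", 200, "loader.exe", parent_pid=100),
    Event("file_write", 200, "loader.exe", r"C:\Users\Public\update.dll"),
    Event("process", 300, "rundll32.exe", parent_pid=200),
    Event("image_load", 300, "rundll32.exe", r"C:\Users\Public\UPDATE.DLL"),
    Event("network", 300, "rundll32.exe", "203.0.113.10:443"),
    Event("network", 400, "chrome.exe", "203.0.113.10:443"),  # not blocklisted
]


def run_example():
    """Run the rules over the constructed trace; returns three alerts."""
    return triage(EXAMPLE_TRACE)


if __name__ == "__main__":
    for alert in run_example():
        print(f"[{alert.rule}] pid={alert.pid} {alert.detail}")
```

The rules are deliberately stateful: "Loads dropped DLL" only fires for a module path that some process wrote earlier in the same trace, which is what separates a staged payload from an ordinary system DLL load, and the parent lookup for the child-process rule depends on having seen the parent's own creation event first, so a trace that starts mid-way will miss it.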

MITRE ATT&CK Enterprise v6

Tasks