General

  • Target

    82fd3b42362faaec6999856ed403c792

  • Size

    1.7MB

  • Sample

    220120-hemp6sgea5

  • MD5

    82fd3b42362faaec6999856ed403c792

  • SHA1

    ced3f41899c3c174223287806d3d24767e8ecafb

  • SHA256

    ad5f4db4dad54f1c69a36a826311d782671ab5e16af827e17920c8180ec28a2e

  • SHA512

    b374814762ab4b3ee83c944f926d34c7ce16476c74de874acd50340b0e1b4648c89667c392bc4d9b36f22a151261ea0719d5c1b995c9e528a53914f30b666892

Malware Config

Extracted

  • Language

    xlm4.0
Targets

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Sets service image path in registry

    • Loads dropped DLL
