General

  • Target

    67f4fd489993694bb055692c0f8bd889

  • Size

    1.7MB

  • Sample

    220120-hemp6sgea6

  • MD5

    67f4fd489993694bb055692c0f8bd889

  • SHA1

    1bc68381f7bad8d3074c2b9c4fe2c82d39bf884f

  • SHA256

    a19a61482e4b0b342546fdc14c13f206569e47b6c6ae310136cfd54bdc5b32d8

  • SHA512

    0c90baf2fcd5c5234219346f11759bac9a820dfa01800e2ad086c8348f8df1d7112191bf004f36d0cae46e585012f29302194b07709ab84b09fcfdbe9b236920

Malware Config

Extracted

  • Language

    xlm4.0
Targets

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Sets service image path in registry

    • Loads dropped DLL
