General

  • Target

    a7b5773f21c69c8e2706df0b3807de47

  • Size

    1.7MB

  • Sample

    220120-hemp6sgea7

  • MD5

    a7b5773f21c69c8e2706df0b3807de47

  • SHA1

    efa02e80c7b3899b1c3092d1a164239e8870a848

  • SHA256

    18f5ade40bc5441aa11d03672f5a08e0b05e3fdeca5f2903a565ca7632d9e537

  • SHA512

    41de1d8a764d0eabffe45d47624d11fa33c3075bb7b85383a0161258cc1d973f79694bd00418213fa273f15a1bc9ef1aad6613ca5eed5cf40271610dadc74b7f

Malware Config

Extracted

Language: xlm4.0

Source

Targets

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6