General

  • Target: 80060b128b6d4813f184d33b53972dea
  • Size: 1.7MB
  • Sample: 220120-jptrxaggfm
  • MD5: 80060b128b6d4813f184d33b53972dea
  • SHA1: f3bd01cd5ac96d660ec90ad1b81c5d6923978909
  • SHA256: 4db56cc519b8fe92f608a30bf32477b62c1f154de183e7f075bb4cf68e918a83
  • SHA512: 2dddf97895d239cfb0fa2fd03e2101204ed6d58ecf86f1cc02c4d5ee7fd9d36c62f719cca02001ac75b0a4a63f303acb8e2735261fdeac2976949d23c53e137a

Malware Config

Extracted

  • Language: xlm4.0
  • Source:
Targets

    • Bazar Loader
      Detected loader normally used to deploy BazarBackdoor malware.
    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Bazar/Team9 Loader payload
    • Blocklisted process makes network request
    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks