Resubmissions

01-02-2022 01:10

220201-bjlkcafba8 (score 10/10)

01-02-2022 00:22

220201-anxmqsefa6 (score 10/10)

General

  • Target

    picture.jpg

  • Size

    308KB

  • Sample

    220201-bjlkcafba8

  • MD5

    21c62adba10a2f518357106947a3410c

  • SHA1

    607df191b24b5bc402bf4b37272c855c8ebb9dff

  • SHA256

    716f2ae73525362939d52104e809ea9da5e031f9d31f0b53d8de77df989c8b85

  • SHA512

    049c14038e81afa17759a27456207a39f18c08b2a65a56d786dcb458ae9544b1f061f408b07c1d614ddb9baf0fa0c20115e822095446c208016b9dfef243bdde

Malware Config

Targets

    • Target

      picture.jpg

    • Size

      308KB

    • MD5

      21c62adba10a2f518357106947a3410c

    • SHA1

      607df191b24b5bc402bf4b37272c855c8ebb9dff

    • SHA256

      716f2ae73525362939d52104e809ea9da5e031f9d31f0b53d8de77df989c8b85

    • SHA512

      049c14038e81afa17759a27456207a39f18c08b2a65a56d786dcb458ae9544b1f061f408b07c1d614ddb9baf0fa0c20115e822095446c208016b9dfef243bdde

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Sets service image path in registry

    • Tries to connect to .bazar domain

      Attempts to look up or connect to a .bazar domain. The .bazar TLD is served through the EmerDNS blockchain naming system rather than ICANN DNS, so such lookups only succeed via OpenNIC-style resolvers; it is used by BazarBackdoor, Trickbot, and potentially others.
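The three behavioural signatures above (.bazar lookup, service ImagePath write, blocklisted process making a network request) can be expressed as simple matchers over sandbox events. The block below is an added example written for this page, not the sandbox's own signature code: it runs the three checks over a constructed event list. The family detection ("Bazar Loader" / "Bazar/Team9 Loader payload") is a payload classification and is not reproduced here. The process blocklist, the event schema, and every hostname, path and key in the sample data are assumptions made for the example.

```python
"""Added example: re-implementation of the three behavioural signatures in the
report as matchers over constructed sandbox events. Not the sandbox's own code."""
import re
from typing import Dict, Iterable, List

# Assumption: a small set of Windows binaries that have no business opening
# network connections when spawned from a "picture" file. Real sandboxes use
# a larger, tuned list.
BLOCKLISTED_PROCESSES = {
    "regsvr32.exe", "rundll32.exe", "mshta.exe", "wscript.exe", "cscript.exe",
}

# A service's executable lives at
#   HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath
# (or under ControlSet001/002 etc. when written via the raw control set).
SERVICE_IMAGEPATH_RE = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$",
    re.IGNORECASE,
)


def is_bazar_domain(name: str) -> bool:
    """True when the host's top-level label is 'bazar' (EmerDNS TLD).

    'foo.bazar.com' is NOT a .bazar domain; the bare label 'bazar' is ignored.
    """
    labels = name.strip().rstrip(".").lower().split(".")
    return len(labels) >= 2 and labels[-1] == "bazar"


def sets_service_image_path(key: str) -> bool:
    """True when a registry write targets a service's ImagePath value."""
    return SERVICE_IMAGEPATH_RE.match(key.strip()) is not None


def evaluate(events: Iterable[dict]) -> Dict[str, List[str]]:
    """Map each fired signature name to the events that triggered it."""
    hits: Dict[str, List[str]] = {}
    for ev in events:
        kind = ev.get("type")
        if kind == "dns_query" and is_bazar_domain(ev["name"]):
            hits.setdefault("Tries to connect to .bazar domain", []).append(ev["name"])
        elif kind == "registry_set" and sets_service_image_path(ev["key"]):
            hits.setdefault("Sets service image path in registry", []).append(ev["key"])
        elif kind == "network_request" and ev["process"].lower() in BLOCKLISTED_PROCESSES:
            hits.setdefault("Blocklisted process makes network request", []).append(
                f'{ev["process"]} -> {ev["dest"]}'
            )
    return hits


# Constructed sample events (hostnames, keys and addresses are made up for the
# example; they are not indicators taken from the report).
SAMPLE_EVENTS = [
    {"type": "dns_query", "name": "update.example.com"},            # benign-looking
    {"type": "dns_query", "name": "example-c2.bazar"},               # fires
    {"type": "dns_query", "name": "bazar.example.org"},              # does not fire
    {"type": "registry_set",
     "key": r"HKLM\SYSTEM\CurrentControlSet\Services\ExampleSvc\ImagePath",
     "value": r"C:\Users\Public\picture.jpg.exe"},                   # fires
    {"type": "registry_set",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\x",
     "value": r"C:\Users\Public\picture.jpg.exe"},                   # does not fire
    {"type": "network_request", "process": "rundll32.exe",
     "dest": "203.0.113.10:443"},                                    # fires
    {"type": "network_request", "process": "chrome.exe",
     "dest": "203.0.113.11:443"},                                    # does not fire
]


if __name__ == "__main__":
    for sig, evidence in evaluate(SAMPLE_EVENTS).items():
        print(sig)
        for e in evidence:
            print("   ", e)
```

The .bazar check deliberately keys on the last label only: a lookup of `bazar.example.org` resolves through ordinary DNS and is not evidence of EmerDNS use, whereas any `*.bazar` query is, regardless of whether the resolver answers.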

MITRE ATT&CK Enterprise v6

Tasks