General

  • Target

    paraplanner.docx

  • Size

    174KB

  • Sample

    220404-d7b2xsabe5

  • MD5

    ef224d17c7b2d2887a238e037496ae83

  • SHA1

    aece94262ddca2bf181f02c17ec93d35fc3aab91

  • SHA256

    48d33f902d5d81182b60d6a3f1ccb88dde3538a4a07abf40617dc12e039fb7bd

  • SHA512

    edb0d3a70da93f93b7255a674f6d630f50f125a689ee7225d85b44963b43ad7cbe10ee67ba81cfe83537c155aa8852443ffb69dba6d497751863a4917bca5a81

Malware Config

Extracted

  • Family

    bazarloader

  • C2 (IPv4)

    144.217.50.242
    5.39.63.103
    94.140.113.53
    185.163.45.95

  • C2 (.bazar domains)

    reddew28c.bazar
    bluehail.bazar
    whitestorm9p.bazar

Note: .bazar is an EmerDNS (Emercoin blockchain) TLD, not an ICANN one. The names above cannot be resolved through a normal corporate resolver; the loader reaches them only via EmerDNS-aware resolvers (for example OpenNIC peers). A .bazar query showing up as NXDOMAIN in internal DNS logs is therefore itself a strong signal, independent of which exact hostname was asked for.
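
The indicators above are only useful once they are swept against telemetry. The following is an added example (not part of the sandbox report) that pulls the C2 IPs, the .bazar domains and the sample SHA256 from the config and matches them as whole tokens against DNS, proxy and EDR log lines. The log lines are constructed for the example, and the log format is an assumption. It goes one step beyond the page by flagging any .bazar lookup, not just the three listed, because .bazar is an EmerDNS TLD that a standard resolver never answers.

```python
"""Sweep log lines for the BazarLoader C2 indicators listed in the report."""
import re
from typing import List, Tuple

# Indicators copied from the extracted config above.
C2_IPS = {"144.217.50.242", "5.39.63.103", "94.140.113.53", "185.163.45.95"}
C2_DOMAINS = {"reddew28c.bazar", "bluehail.bazar", "whitestorm9p.bazar"}
SAMPLE_SHA256 = "48d33f902d5d81182b60d6a3f1ccb88dde3538a4a07abf40617dc12e039fb7bd"

# .bazar is served by EmerDNS, not ICANN DNS. A host behind a normal resolver
# cannot resolve it, so any .bazar lookup is worth flagging, not only the
# three names above (generalisation beyond the report; see lead-in).
EMERDNS_TLDS = {"bazar"}

# Whole-token matching: "5.39.63.103" must not fire on "15.39.63.103".
_IPV4 = re.compile(r"(?<![\w.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
# Loose hostname token: anything dotted made of label characters. Filenames
# like "paraplanner.docx" also match; they are harmless because "docx" is
# neither a listed domain nor an EmerDNS TLD.
_HOST = re.compile(r"(?<![\w.-])([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?![\w-])", re.I)
_SHA256 = re.compile(r"\b[0-9a-f]{64}\b", re.I)


def extract_indicators(line: str) -> Tuple[List[str], List[str], List[str]]:
    """Return (ipv4s, hostnames, sha256s) found as whole tokens in a log line."""
    ips = _IPV4.findall(line)
    hosts = [h.lower() for h in _HOST.findall(line)
             if not re.fullmatch(r"[\d.]+", h)]  # drop IPs picked up as hosts
    hashes = [h.lower() for h in _SHA256.findall(line)]
    return ips, hosts, hashes


def classify(line: str) -> List[Tuple[str, str]]:
    """Return a list of (hit_type, value) for every indicator present in the line."""
    hits: List[Tuple[str, str]] = []
    ips, hosts, hashes = extract_indicators(line)
    hits += [("c2_ip", ip) for ip in ips if ip in C2_IPS]
    for host in hosts:
        if host in C2_DOMAINS:
            hits.append(("c2_domain", host))
        elif host.rsplit(".", 1)[-1] in EMERDNS_TLDS:
            hits.append(("emerdns_lookup", host))
    hits += [("sample_hash", h) for h in hashes if h == SAMPLE_SHA256]
    return hits


def sweep(lines: List[str]) -> List[Tuple[int, str, List[Tuple[str, str]]]]:
    """Return (index, line, hits) for every line that contains at least one hit."""
    result = []
    for idx, line in enumerate(lines):
        hits = classify(line)
        if hits:
            result.append((idx, line, hits))
    return result


# Constructed sample telemetry (assumed "key=value" style; not from the report).
LOGS = [
    "2022-04-04T10:12:01Z dns client=10.0.0.21 query=reddew28c.bazar rcode=NXDOMAIN",
    "2022-04-04T10:12:03Z proxy src=10.0.0.21 dst=144.217.50.242:443 method=CONNECT",
    "2022-04-04T10:12:05Z dns client=10.0.0.33 query=updates.example.com rcode=NOERROR",
    "2022-04-04T10:12:09Z proxy src=10.0.0.40 dst=15.39.63.103:443 method=CONNECT",
    "2022-04-04T10:12:11Z dns client=10.0.0.21 query=other-node.bazar rcode=NXDOMAIN",
    "2022-04-04T10:13:00Z edr host=ws21 file=paraplanner.docx "
    "sha256=48d33f902d5d81182b60d6a3f1ccb88dde3538a4a07abf40617dc12e039fb7bd",
]

if __name__ == "__main__":
    for idx, line, hits in sweep(LOGS):
        print(f"line {idx}: {hits}")
        print(f"    {line}")
```

Line 3 (the 15.39.63.103 CONNECT) is deliberately a near miss and must not fire; line 4 fires on the EmerDNS TLD even though other-node.bazar is not in the extracted config, which is the behaviour you want when hunting for other infections of the same family.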

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic            Technique                              ID      Count
Persistence       Registry Run Keys / Startup Folder     T1060   1
Defense Evasion   Modify Registry                        T1112   2
Discovery         Remote System Discovery                T1018   1

Note: the IDs follow ATT&CK v6. T1060 was retired in ATT&CK v7 and is now the sub-technique T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder); T1112 and T1018 are unchanged. Map accordingly when loading these into a current ATT&CK Navigator layer.