General

  • Target

    127839.xls

  • Size

    328KB

  • Sample

    220404-dm16bahad9

  • MD5

    c29dc151fcd638fe2ddc814b869b39b7

  • SHA1

    949974b10b64eaf21f88dfee55070ae65e1825a1

  • SHA256

    09c6f8070ebacdee9e649748922e5a5b100ac8723b6bf46467ea7a6ca7443523

  • SHA512

    011fb6ade8c7641a73830b32571c66f07b103f9cf9e4a615e912016c6784ee8a33e487de26d71d0ce36c21a585ea4292fd448f9a51685a8bf542cec59c2464aa

Malware Config

Extracted

  • Family

    bazarloader

  • C2

    reddew28c.bazar

Targets

    • Target

      127839.xls

    • Size

      328KB

    • MD5

      c29dc151fcd638fe2ddc814b869b39b7

    • SHA1

      949974b10b64eaf21f88dfee55070ae65e1825a1

    • SHA256

      09c6f8070ebacdee9e649748922e5a5b100ac8723b6bf46467ea7a6ca7443523

    • SHA512

      011fb6ade8c7641a73830b32571c66f07b103f9cf9e4a615e912016c6784ee8a33e487de26d71d0ce36c21a585ea4292fd448f9a51685a8bf542cec59c2464aa

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks