General

  • Target

    438e65524f3aed305bd5965137ca17cd7cff32a2e26b91c37ae0a16b9e696e57

  • Size

    460KB

  • Sample

    220413-k4j2paaghm

  • MD5

    f2a3b6fe5c228fb7281d726ff0644621

  • SHA1

    90d027758231d4a52b9b7e2c9e75b88ea09858e1

  • SHA256

    55ee67b7bad6f5e4de26d0f88c58dd6f6528327be644d434f21c4b86c1bb4659

  • SHA512

    d2429c5f386f3d09ec1efa5e8506ff6f692d86b1ee86c3b899829e1163a190b5e301a9b7f541eed087718bf86cdcc58ae519520cf7ced0fbb8985e404de9510f

Malware Config

  • Extracted

    Family: bazarloader

    C2: reddew28c.bazar

Targets

    • Target

      438e65524f3aed305bd5965137ca17cd7cff32a2e26b91c37ae0a16b9e696e57

    • Size

      712KB

    • MD5

      115cb0ec229fd573d4dd2185f97a750e

    • SHA1

      356dccb236839ebea822d842fec20123ed9180de

    • SHA256

      438e65524f3aed305bd5965137ca17cd7cff32a2e26b91c37ae0a16b9e696e57

    • SHA512

      7db15f39baf208a3885b6991fe93f69d1905ef97bf52988b7febec76034da8bf70035fb091b58942d3d66dd37178110384ff02360988bb1e9fa7a62a71df49a6

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Bazar/Team9 Loader payload

MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Discovery

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Persistence

  • Privilege Escalation