General

  • Target

    Photoshop.exe

  • Size

    156.6MB

  • Sample

    230714-3k79aahc9w

  • MD5

    dc5e3b45b340d7a726234a2df56dce67

  • SHA1

    b670ac1a1784d10759fd9f59e65a18f8f9e4cf75

  • SHA256

    6a1c8e092b7955d1df9875fbb7c0cd68bc30d799c6b9c3fda2f4f3755bef3c3b

  • SHA512

    2f30dd627de35fe07f43ea760c226a33d8bd3da89a956c4865ed4cbcab54f6f911e0b420f6419b71f43f329486075f8051af1d4da4c9f99412f5bcf5e661eacf

  • SSDEEP

    786432:8CRtopibnnAlY7rH2/oahreKtOQ9p7eFGt7NBYcxmj+l3vNE/C6sVtvNEnhkiWaS:htopicY7rWleE9rt7M2Jlr

Malware Config

Targets

    • Target

      Photoshop.exe

    • Size

      156.6MB

    • MD5

      dc5e3b45b340d7a726234a2df56dce67

    • SHA1

      b670ac1a1784d10759fd9f59e65a18f8f9e4cf75

    • SHA256

      6a1c8e092b7955d1df9875fbb7c0cd68bc30d799c6b9c3fda2f4f3755bef3c3b

    • SHA512

      2f30dd627de35fe07f43ea760c226a33d8bd3da89a956c4865ed4cbcab54f6f911e0b420f6419b71f43f329486075f8051af1d4da4c9f99412f5bcf5e661eacf

    • SSDEEP

      786432:8CRtopibnnAlY7rH2/oahreKtOQ9p7eFGt7NBYcxmj+l3vNE/C6sVtvNEnhkiWaS:htopicY7rWleE9rt7M2Jlr

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Bazar/Team9 Loader payload

    • Contacts a large (598) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks