General

  • Target

    rt3ret3(3).exe

  • Size

    236KB

  • Sample

    240328-phbkmsaa54

  • MD5

    efa4b2e7d7016a1f80efff5840de3a18

  • SHA1

    04606786daa6313867c7ada1f0c9c925d9b602fb

  • SHA256

    291c573996c647508544e8e21bd2764e6e4c834d53d6d2c8903a0001c783764b

  • SHA512

    11446166922efb329d547ce329fb3ed70a3a99c1c037533beaecefd16d4a67c9dc9201592b0428a06fd956e4bb5caf3f7997a86200792e3e29a041f0963b2ced

  • SSDEEP

    6144:NgsO6Xkm0RsQNCR/JG+z5nLGcKYp05dMgSsXMH7/wrtKHRAwrcKxN:7GRsQ6RLhLGO05dMgrXwTKtKxA5w

Malware Config

Extracted

  • Family

    bazarloader

  • C2

    vacationinsydney2021.bazar

    bestsightsofwildaustralia.bazar

    sydneynewtours.bazar

Targets

    • Target

      rt3ret3(3).exe

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Bazar/Team9 Loader payload

MITRE ATT&CK Matrix (ATT&CK v13)

Tasks