General

  • Target

    01c709203eddc996c2f3432661ba5316_JaffaCakes118

  • Size

    323KB

  • Sample

    240930-rm5emazcpj

  • MD5

    01c709203eddc996c2f3432661ba5316

  • SHA1

    b5d5945d2c67824ba084bc0f546511f71677a25e

  • SHA256

    cbf60d6fa0473f1a0290e278479a1786daea784d7dc2a63198292f7a9ec1a2a1

  • SHA512

    b92ef9637ad8d71cfb5878be83551c31b11b009e5f5643d0a11a91b0ba2cdabb2bb6ad77a6ca65d24a28f33606fa03a2f86038efa50587ddd21fd84b7972f8bd

  • SSDEEP

    6144:wXVlSsCrDRKqimtDMCfh55SEYpv0WMIyOzG/fK/rcZMIMhuz:SVavMCfiv0WMIyUGxz

Malware Config

Extracted

  • Family

    bazarloader

  • C2

    128.199.54.51

    161.35.152.204

    161.35.95.166

    whitestorm9p.bazar

    yellowdownpour81.bazar

Targets

    • Target

      01c709203eddc996c2f3432661ba5316_JaffaCakes118

    • Size

      323KB

    • MD5

      01c709203eddc996c2f3432661ba5316

    • SHA1

      b5d5945d2c67824ba084bc0f546511f71677a25e

    • SHA256

      cbf60d6fa0473f1a0290e278479a1786daea784d7dc2a63198292f7a9ec1a2a1

    • SHA512

      b92ef9637ad8d71cfb5878be83551c31b11b009e5f5643d0a11a91b0ba2cdabb2bb6ad77a6ca65d24a28f33606fa03a2f86038efa50587ddd21fd84b7972f8bd

    • SSDEEP

      6144:wXVlSsCrDRKqimtDMCfh55SEYpv0WMIyOzG/fK/rcZMIMhuz:SVavMCfiv0WMIyUGxz

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Bazar/Team9 Loader payload

MITRE ATT&CK Matrix

Tasks