BazarLoader - Decoding .HTA Using Cyberchef
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Malware - T1587.001 Malware - T1588.001 Mshta - T1218.005 Powershell - T1059.001 Python - T1059.006 Connection Proxy - T1090 Mshta - T1170 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | bfdeea6b-30ca-4dc0-84d1-a9728b4aaafe |
| Fingerprint | 9e027529b9b922b1 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Nov. 10, 2022, midnight |
| Added to db | April 11, 2023, 5:18 p.m. |
| Last updated | Nov. 18, 2024, 7:17 p.m. |
| Headline | BazarLoader - Decoding .HTA Using Cyberchef |
| Title | BazarLoader - Decoding .HTA Using Cyberchef |
| Detected Hints/Tags/Attributes | 16/2/7 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://embee-research.ghost.io/bazarloader/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 107 | ✔ | Embee Research | https://embee-research.ghost.io/rss/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | ondapro.me |
|
| Details | Domain | 47 | www.malware-traffic-analysis.net |
|
| Details | File | 2130 | cmd.exe |
|
| Details | File | 1212 | powershell.exe |
|
| Details | File | 457 | mshta.exe |
|
| Details | File | 817 | index.html |
|
| Details | Url | 1 | https://www.malware-traffic-analysis.net/2022/02/04/index.html |